Marco Moderatto

Reputation: 59

Inappropriate search through SQLite database from Android

This query seems to work fine:

public Cursor getOneWine(long id) {
    return database.query("vino", null, "_id=" + id, null,
                          null, null, null);
}

But when I try to change "_id="+id to "name="+name, it does not work! Also tried this:

public Cursor getSearchWine(String name) {
    return database.query("vino", new String[] {"_id", "name"}, "name="+name, null,
                          null, null, "name");
}

which is working well when I want a cursor from all wines.

public Cursor getAllWines() {
    return database.query("vino", new String[] {"_id", "name"},  null, null,
                          null, null, "name");
}

Also checked the Android documentation but didn't find a solution.

Upvotes: 3

Views: 110

Answers (1)

CL.

Reputation: 180070

In SQL, strings must be quoted:

db.query("vino", new String[] {"_id", "nombre"}, "name='" + name + "'", ...);

However, this will cause problems if the name contains '; it is recommended to use parameters for strings instead:

db.query("vino", new String[] {"_id", "nombre"}, "name=?", new String[] {name}, ...);

Upvotes: 1
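
The three WHERE-clause forms from the question and the answer above, run against an in-memory SQLite table. This is an added example, not code from the original posts: it uses Python's sqlite3 module rather than Android's SQLiteDatabase so that it runs off-device, and the sample rows and helper names (make_db, search, unquoted, quoted, bound) are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the question's "vino" table (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE vino (_id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO vino (name) VALUES (?)",
                   [("Rioja",), ("Barolo",), ("Château d'Yquem",)])
    return db

def search(db, where, args=()):
    """Run the question's query shape; return (rows, error message or None)."""
    sql = "SELECT _id, name FROM vino WHERE " + where + " ORDER BY name"
    try:
        return db.execute(sql, args).fetchall(), None
    except sqlite3.Error as exc:
        return [], str(exc)

def unquoted(db, name):
    # The question's form: the value is parsed as SQL (an identifier), not as a string.
    return search(db, "name=" + name)

def quoted(db, name):
    # The answer's first form: works until the value itself contains a quote.
    return search(db, "name='" + name + "'")

def bound(db, name):
    # The answer's recommended form: the value is bound and never becomes SQL text.
    return search(db, "name=?", (name,))

if __name__ == "__main__":
    db = make_db()
    for term in ("Rioja", "name", "Château d'Yquem"):
        for fn in (unquoted, quoted, bound):
            print(f"{fn.__name__:9} {term!r:20} -> {fn(db, term)}")
```

The unquoted form fails with "no such column" for an ordinary search term, and a search term that happens to be a column name (here "name") matches every row because the clause becomes name=name; only the bound form returns the expected row for a name containing an apostrophe.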
