All geek questions in one place

Android SQLite INSERT

I am using execSQL for SQLite database. Sql INSERT strnig -

INSERT INTO Tasks (_id, Aircraft, Station, Discrepancy,DateCreated, CreatedBy, Status, DateClosed, ClosedBy, ArrivalFlightID, RecordChangedByUI) VALUES ('271104',' ','ORD','Critical Flight (0496/28)','9/4/2011 6:57:00 PM','SYSTEM','NEW','','null','0','N')

Table

 "create table Tasks (_id integer primary key, " + "Aircraft text null, Station text null, Discrepancy text null, DateCreated text null, CreatedBy text null, Status text null, DateClosed text, ClosedBy text null, ArrivalFlightID text null, RecordChangedByUI text null);";

It throws an exception "Empty bindArgs"

Can someone tell me where I am going wrong?

+6
source share
2 answers

You cannot pass null as the second parameter. If you are not using it, just ignore it and it will work:

 String sql = "INSERT INTO Tasks (_id, Aircraft, Station, Discrepancy,DateCreated, CreatedBy, Status, DateClosed, ClosedBy, ArrivalFlightID, RecordChangedByUI) " VALUES ('" + tasks[i]._id + "','" + tasks[i].Aircraft + "','" + tasks[i].Station + "','" + tasks[i].Discrepancy + "','" + tasks[i].DateCreated + "','" + tasks[i].CreatedBy + "','" + tasks[i].Status + "','" + tasks[i].DateClosed + "','" + tasks[i].ClosedBy + "','" + tasks[i].ArrivalFlightID + "','N')"; this.database.execSQL(sql);

However, the above example is vulnerable - an SQL query can be easily entered. All rows passed to the request must be escaped using DatabaseUtils.sqlEscapeString(task[i].something) .

+11
source

Try the database.insert or insertOrThrow command. This requires explicitly adding each field to the ContentValues ​​object, but it is much neater.

 ContentValues insertValues = new ContentValues(); insertValues.put("_id", tasks[i]._id); ... // other fields long rowId = this.database.insert(DATABASE_TABLE, null, insertValues);
+8
source

Source: https://habr.com/ru/post/896801/

More articles:


All Articles