在 android 中的 sqlite 中选择查询，其中 where 子句中有两个值

发布于 2024-10-22 05:54:48 字数 233 浏览 1 评论 0原文

我想在 android 的 sqlite 中编写查询，其中我想根据该行的两个值获取一个值。我该怎么做？我有以下查询来根据一个值获取值：

cursor = db.query(TABLE_NAME,new String[] {NAME}, ROLL_NO + " like" + "'%" 
                + roll + "%'", null, null, null, null);

原文

i want to write query in sqlite for android in which i want to get a value based upon two values of that row.How can i do that?
i have the following query to get value based on one value:

cursor = db.query(TABLE_NAME,new String[] {NAME}, ROLL_NO + " like" + "'%" 
                + roll + "%'", null, null, null, null);

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

二智少女猫性小仙女 2024-10-29 05:54:48

试试这个

cursor = db.query(TABLE_NAME,new String[] {NAME}, ROLL_NO + " like" + "'%" + roll + "%' **OR** ", null, null, null, null)

在上述查询中的 OR 之后添加第二个子句

回复收藏 0 原文

樱花落人离去 2024-10-29 05:54:48

顺便提一句。伙计们，你考虑过数据库安全（SQL注入攻击）吗？如果 roll 是用户输入的或者您从潜在的“危险”源（文件或网络）获取它，那么我建议将代码重写为以下内容：

db.query(
  TABLE_NAME,
  new String[] {NAME}, 
  ROLL_NO + " like " + "'%?%'",
  new String[] { String.valueOf(roll) },
  null, null, null
);

这样做数据库将在执行查询之前“预处理”roll 值，以确保该值可以安全使用。然后将插入安全值，而不是 ROLL_NO + " like " + "'%?%'" 语句中的 ? 字符。

BTW. Guys, have you thought about DB security (SQL injection attacks)? If roll is smth that user inputs or you get it from a potentially "dangerous" source (file or network), then I'd recommend to rewrite the code to the following:

db.query(
  TABLE_NAME,
  new String[] {NAME}, 
  ROLL_NO + " like " + "'%?%'",
  new String[] { String.valueOf(roll) },
  null, null, null
);

Doing this way the DB will "preprocess" the roll value before executing the query to ensure the value is safe to use. The safe value will be then inserted instead of the ? char in the ROLL_NO + " like " + "'%?%'" statement.

回复收藏 0 原文

十级心震 2024-10-29 05:54:48

谢谢。以下代码对我有用：

public Cursor fetchMyValues() {
String DATABASE_TABLE="mytablename";
String depthVar="'50'";
String tempVar="'2.5'";
return mDb.query(DATABASE_TABLE, new String[] {"_id", "depth", "temp", "health"}, 
          "temp like " + tempVar + " AND " + "depth like" + depthVar, null, null, null, null);}

这代表我的sql：
从 mytablename 中选择健康状况，其中 temp='2.5' 且深度='50'；

嗯……
我想我可以用 int 和/或 double 来完成这个清理工作，使用 = 而不是 like。

Thanks. The following code worked for me:

public Cursor fetchMyValues() {
String DATABASE_TABLE="mytablename";
String depthVar="'50'";
String tempVar="'2.5'";
return mDb.query(DATABASE_TABLE, new String[] {"_id", "depth", "temp", "health"}, 
          "temp like " + tempVar + " AND " + "depth like" + depthVar, null, null, null, null);}

This would represent my sql:
select health from mytablename where temp='2.5' and depth='50';

hmmm....
I suppose I could do this cleaner with int and/or double, using = instead of like.

回复收藏 0 原文

梦言归人 2024-10-29 05:54:48

它的简单尝试这个actid，cusid是字符串，FF_CUSTOMER_ID，FF_ACTIVITY_ID是列名

Cursorcursor = db.rawQuery("select * from " + TABLE_PROJECT_ACTIVITY_CHECKLIST +" where " + FF_ACTIVITY_ID + " = ? AND " + FF_CUSTOMER_ID + " = ? " ,新字符串[] { actid,cusid});

回复收藏 0 原文

~没有更多了~