android where clause query not working - android

String name="xyz";
String sql="select * from "+table_name+" where person_name='"+name+"'";
Above query is working fine. but if I replace person_name with any other column name like person_item or person_trip, no results are shown and there is no error.
String sql="select * from "+table_name+" where person_item='"+name+"'";
This query doesn't work.
What can be the possible error? I have been trying to get this work for last 7 days. Please help, thanks in advance.

You could try this - using a cursor
Where myDB is an instance of SQLiteDatabase...
Cursor c = myDB.rawQuery("SELECT * FROM " + table_name , null);
int ITEM_COLUMN = c.getColumnIndex("person_item");
myDB.execSQL("SELECT * FROM "+table_name+" WHERE "+c.getColumnName(ITEM_COLUMN)+" = "+name+";");
You could read more about cursors and their interaction with databases here:
http://developer.android.com/reference/android/database/sqlite/SQLiteCursor.html

Related

SQLite - Match results based on string value issue

I'm currently having an issue with my SQL Lite code with regards to counting matching results. In my application the user will have the ability to add a new folder and give it a name. Before the folder is added to the application my code will check to see if a folder with the same name already exists if so it will prompt the user.
When using my code below I receive an error informing me the column doesn't exist. If I remove everything past WHERE then it works perfectly and counts every record within the table.
I've reinstalled the application and changed the database version so that its completely clean, just to make sure. I'm certain its only something very minor I'm missing.
public int countMatchingFolders (String folderName){
String countQuery = "SELECT * FROM " + Primary_Table + " WHERE " + Col_FolderName + " = " + folderName;
SQLiteDatabase db = this.getReadableDatabase();
Cursor cursor = db.rawQuery(countQuery, null);
int cnt = cursor.getCount();
cursor.close();
return cnt;
}
Error message I'm receiving
android.database.sqlite.SQLiteException: no such column: testFolder (code 1): , while compiling: SELECT * FROM Folder_Table WHERE Col_FolderName = testFolder
Any assistance to help with the issue would be greatly appreciated.
The error is because the string value doesn't have quotes around it, so it is treated as a table name instead of a string. You should use a bound query argument to fix this. Bound arguments also prevent SQL injection attacks:
String countQuery = "SELECT * FROM " + Primary_Table + " WHERE " + Col_FolderName + " = ?";
Cursor cursor = db.rawQuery(countQuery, new String[]{folderName});
Note that you can do "SELECT COUNT(*) as row_count" ... to let the database engine count the number of records more efficiently.

Issue with rawQuery() in android

I am trying to execute a query to retrieve some data from the table.
Below is my query:
cursor = myDB.rawQuery("SELECT * FROM myTable WHERE myNumber="+"'myCustomNumber'", null);
where myNumber is type of 'TEXT'
But every time I am getting cursor.getCount() = 0;
It seems there's a mistake in my query.
Please let me know the correct way of writing above query.
In your query the parameter passed as myNumber has become a text due the double quotes around it.
Change it to,
cursor = myDB.rawQuery("SELECT * FROM myTable WHERE myNumber = ' " + myCustomNumber + "'", null);
I think you should be use below code :
cursor = myDB.rawQuery("SELECT * FROM myTable WHERE myNumber='"+myCustomNumber+"'", null);
i hope it will work for you.
Try this
String phoneNo = "0000000000";
String query = "Select * from where mynumber = '" +phoneNo+ "'";
cursor = myDB.rawQuery(query,null);
you can execute that query i.e.
rawQuery("SELECT * FROM myTable WHERE myNumber= = ? ", new String[] {"myCustomNumber"});
In the query that you have used, the number has not been passed in quotes.
cursor = myDB.rawQuery("SELECT * FROM myTable WHERE myNumber="+"'myCustomNumber'", null);
That query would mean myNumber= myCustomNumber literally, and not a variable value.
You need to add the quotes before and after your myCustomNumber like:
cursor = myDB.rawQuery("SELECT * FROM myTable WHERE myNumber="+"'"+myCustomNumber+"'", null);

Android Sqlite no result

what do you think my problem is.
I am querying a sqlite database.
This code doesn't give any result.
String sql = " select _id from MYTABLE where _id = ? ";
Cursor cur = mDb.rawQuery(sql, new String[] {"5653"}) ;
but if I am executing the query without parameters like this:
String sql = " select _id from MYTABLE where _id = 5653 ";
Cursor cur = mDb.rawQuery(sql, null) ;
One row is returned as expected.
Many thanks.
That happens because the values are bound as strings, and that column is (i am guessing) an int. so the where clause will end up being
where _id = "5653"
From rawQuery javadoc for selectionArgs -
You may include ?s in where clause in the query, which will be replaced by the values from selectionArgs. The values will be bound as Strings.
Try this:
String sql = " select _id from MYTABLE where _id = '5653' ";

What is the correct syntax for SELECT statement and WHERE clause?

I am trying to explore android and I just started using SQLite database. I'm wondering on what is the right syntax for selecting a single row from a table, where the row I want to select is from the value entered from a user using editText. Thanks in advance.
I'm going to disagree with both of the answers above. What if the user enters this query:
Bobby Tables'; drop table yourTable;
See: http://xkcd.com/327/
I believe you should do this instead:
String query = "select * from TABLE_NAME WHERE column_name=?";
String[] selection = new String[1];
selection[0] = users_entered_value;
Cursor c = db.rawQuery(query, selection);
ETA: Actually, the more I think about it, the more I think you're going in the wrong direction. If your app depends on a database query returning exactly one unique match to an arbitrary string entered by the user, it's probably going to be broken a great deal of the time.
What you should probably do is something like this:
String query = "select * from TABLE_NAME WHERE column_name LIKE ?";
String[] selection = new String[1];
selection[0] = "%" + users_entered_value + "%";
Cursor c = db.rawQuery(query, selection);
and then iterate through the results and pick a "best" match according to your own criteria.
Also, you should create the table with case-insensitive matching for the column(s) you're going to be searching.
SQLiteDatabase db;
db.rawQuery("select * from yourTable where your_column_name = 'users_entered_value' limit 1", null);
SQLiteDatabase db;
// make connection to your database ;
Cursor c = null ;
String SQL = "select * from TABLE_NAME where column_name='VALUE'";
c = db.rawQuery(SQL);
c contains your result array of query you fired.
You can retrieve values using loop.

Problem using variable in a Query

I am banging my head over this for several hours, I tested many ways and I know where the proble is, but I just can't figure out how to fix it, I need an external point of view here.
That's my query code:
public Cursor getAllExpensesUser(int user){
String sql = "SELECT * FROM expense WHERE _id IN (SELECT id_expense FROM forwho WHERE id_user = "+ user +")";
return mDb.rawQuery(sql, null);
}
With this query it returns nothing.
When using the following query it returns my desired rows... obviously im using the id number directly.
`String sql = "SELECT * FROM expense WHERE _id IN (SELECT id_expense FROM forwho WHERE id_user = 2)";`
I have tried also with arguments:
public Cursor getAllExpensesUser(int user){
String sql = "SELECT * FROM expense WHERE _id IN (SELECT id_expense FROM forwho WHERE id_user = ?)";
String[] arguments = {Integer.toString(user)};
return mDb.rawQuery(sql, arguments);
So bacically the problem is when I am using a variable.
Can anyone see where I am messing it up?
Thank you
It should be WHERE id_user = '" + user + "')";
SQL requires single quotes around data on the right of the equals.
try to replace
String sql = "SELECT * FROM expense WHERE _id IN (SELECT id_expense FROM forwho WHERE id_user = "+ user +")";
with
String sql = new String("SELECT * FROM expense WHERE _id IN (SELECT id_expense FROM forwho WHERE id_user = "+ String.valueOf(user) +")");
EDIT: use String.valueOf instead of Integer.toString

Categories

Resources