error occurs when updating a table in sqlite - android

String updateQuery = "UPDATE Bookdetails SET lastchapter = " + test + " WHERE bookpath=" +sentFilename;
db.execSQL(updateQuery);
Error:
03-04 13:36:23.997: I/System.out(9722): android.database.sqlite.SQLiteException:
near "/": syntax error: , while compiling: UPDATE Bookdetails SET lastchapter =
mukund WHERE bookpath=/mnt/sdcard/Download/What's so great about the doctrine of
grace.epub errors happens
the error is posted above
My table contains the field id, bookpath and lastchapter, book path contains the values
/mnt/sdcard/Download/What's so great about the doctrine of grace.epub
/mnt/sdcard/Download/1b4fdaac-f31d-41e8-9d15-26c9078d891f.epub
/mnt/sdcard/Download/Commentary on Romans.epub
and lastchapter contains the values nothing nothing nothing
id contains 1 2 3
why is the error occurring at "/" there is no hash in my update query it is only there at string which stores bookpath? Is this an error?

String literals in SQL need to be in '' quotes.
However, it's better to use ? placeholders for literals like this:
String updateQuery = "UPDATE Bookdetails SET lastchapter=? WHERE bookpath=?";
db.execSQL(updateQuery, new String[] { test, sentFilename });

I believe your lastchapter & bookpath is of type String (TEXT). Hence when you are adding or updating it's value you should always use ' ( Single cot ) around it. Change your query to this,
String updateQuery = "UPDATE Bookdetails SET lastchapter ='" + test + "' WHERE bookpath='" +sentFilename + "'";
db.execSQL(updateQuery);
However, Direct Execution of SQL query is not advisable at developer.android.com hence you can use alternative way like below code,
String updateQuery = "UPDATE Bookdetails SET lastchapter=? WHERE bookpath=?";
db.execSQL(updateQuery, new String[] { test, sentFilename });

Related

SQLite - Match results based on string value issue

I'm currently having an issue with my SQL Lite code with regards to counting matching results. In my application the user will have the ability to add a new folder and give it a name. Before the folder is added to the application my code will check to see if a folder with the same name already exists if so it will prompt the user.
When using my code below I receive an error informing me the column doesn't exist. If I remove everything past WHERE then it works perfectly and counts every record within the table.
I've reinstalled the application and changed the database version so that its completely clean, just to make sure. I'm certain its only something very minor I'm missing.
public int countMatchingFolders (String folderName){
String countQuery = "SELECT * FROM " + Primary_Table + " WHERE " + Col_FolderName + " = " + folderName;
SQLiteDatabase db = this.getReadableDatabase();
Cursor cursor = db.rawQuery(countQuery, null);
int cnt = cursor.getCount();
cursor.close();
return cnt;
}
Error message I'm receiving
android.database.sqlite.SQLiteException: no such column: testFolder (code 1): , while compiling: SELECT * FROM Folder_Table WHERE Col_FolderName = testFolder
Any assistance to help with the issue would be greatly appreciated.
The error is because the string value doesn't have quotes around it, so it is treated as a table name instead of a string. You should use a bound query argument to fix this. Bound arguments also prevent SQL injection attacks:
String countQuery = "SELECT * FROM " + Primary_Table + " WHERE " + Col_FolderName + " = ?";
Cursor cursor = db.rawQuery(countQuery, new String[]{folderName});
Note that you can do "SELECT COUNT(*) as row_count" ... to let the database engine count the number of records more efficiently.

Saving webview geturl and getitle in Sqlite database. Problem with syntax error apostrophe '

When im saving webview.getTitle (); in Sqlite database, if in title has apostrophe ('), then i got error -
android.database.sqlite.SQLiteException: near "at": syntax error (code 1): , while compiling: INSERT INTO Favorite VALUES('4 madhab bid'at tavassul', 'file:///android_asset/web/akaid/4maddhab/4.htm' );
My code like this
mysql objcon = new mysql(this, null, null, 1);
SQLiteDatabase db = objcon.getReadableDatabase();
db.execSQL(
"INSERT INTO Favorite VALUES('"
+ txtnombre.getText()
+ "', '"
+ txtlink2.getText()
+"' );"
);
How to solve this problem?
There is a single quote embedded within txtnombre.getText() : '4 madhab bid'at tavassul'. This causes SQLite to wrongly consider that this quote marks the end of the first value to insert.
To avoid that, you could consider manually doubling the single quotes :
db.execSQL(
"INSERT INTO Favorite VALUES('"
+ txtnombre.getText().replaceAll("'","\''")
+ "', '"
+ txtlink2.getText().replaceAll("'","\''")
+"' );"
);
I would recommend using bind parameters. With this option, your database driver handles escaping behind the hood :
q = "INSERT INTO Favorite VALUES(?, ?)";
t1 = txtnombre.getText();
t2 = txtlink2.getText();
db.rawQuery(q, new String[] { t1, t2 });
Finally, another approach in Android would be to use native method sqlEscapeString(), which is primarily built for this purpose.
Also, as commented by pskink, using insert() would better fit your use case than raw SQL.

What causing java.sql.SQLException: Invalid column name on my Update statement?

This is my android SQL statement
I try to update the allergy table, I encounter a lot of problem
stmt1.executeUpdate("UPDATE [dbo].[allergy]
SET [allergy]= "+allergyname+ ",[reaction] = "+reaction+ ",[notes] =" +notes+ " Where patientID ="+patientId);
no matter what I enter into my "allergyname"
It will say Invalid column name
what is happening?
Your values should be in single quotes. Try below query it will work:
stmt1.executeUpdate("UPDATE [dbo].[allergy]
SET [allergy]= '"+allergyname+ "',[reaction] = '"+reaction+ "',[notes] ='" +notes+ "' Where patientID ="+patientId);
Happy coding!!!!!!!!!!

rawQuery() in Android SQLite not compiling parameters

While trying to implement SQLite storage ran into strange behavior.
The "?"-symbols are not substituted.
My code:
public class DBHandler extends SQLiteOpenHelper {
public void writeTask(JSONObject object) throws JSONException {
SQLiteDatabase db = this.getWritableDatabase();
String id = object.get(OBJECT_ID).toString();
String content = object.toString();
String md5 = "md5"; //testing
Cursor c = db.rawQuery("INSERT OR REPLACE INTO ? ( ? , ? , ? ) VALUES ( ? , ? , ?);", new String[] {TABLE_OBJECTS, OBJECT_ID, OBJECT_CONTENT, OBJECT_MD5, id, content, md5 });
}
}
Then it throws a strange error:
android.database.sqlite.SQLiteException: near "?": syntax error (code 1): , while compiling: INSERT OR REPLACE INTO ? ( ? , ? , ? ) VALUES ( ? , ? , ?);
First mistake corrected, but still not working:
String selectQuery = "INSERT OR REPLACE INTO " + TABLE_OBJECTS + " ("
+ OBJECT_ID + "," + OBJECT_CONTENT + "," + OBJECT_MD5 + ") "
+ "VALUES ( ? , ? , ?);";
String[] args = { id, content, md5 };
Log.d("FP", selectQuery);
Cursor c = db.rawQuery(selectQuery,args);
Now database is untouched after this query. Logs show my query:
INSERT OR REPLACE INTO objects (id,content,md5) VALUES (?,?,?);
Any suggestions?
so, rawQuery() is just for SELECT.
But i still need to do escaping special characters, because content-variable is a stringified JSON and execSQL does not allow this.
You can use ? only for binding literals such as those in your VALUES(), not for identifiers such as table or column names earlier in your SQL.
If you need to use variables for identifiers, use regular string concatenation in Java.
Also note that rawQuery() alone won't execute your SQL. Consider using execSQL() instead.

sqlite.SQLiteException: near "s": syntax error: because of apostrophe

The song name that I want to insert it into my table contains a " ' " (apostrophe )so , there is an error when the request is excuted. How can I fix it
Cursor pid = mDB.rawQuery("select Id FROM MusicPlayer WHERE "Path ='" + sname + "';", null);
I am getting sname runtime so .. sname=/mnt/sdcard/Now Thats What I Call Music 85 [Bubanee]/16 - Let's Get Ready To Rhumble (100% Radio Mix) - PJ & Duncan.mp3
I get below error..
android.database.sqlite.SQLiteException: near "s": syntax error: , while compiling: SELECT Id FROM MusicPlayer WHERE Path ='/mnt/sdcard/Now Thats What I Call Music 85 [Bubanee]/16 - Let's Get Ready To Rhumble (100% Radio Mix) - PJ & Duncan.mp3';
Because sname contain let's word with ' which gives me error.
In theory you could escape ' as '' in SQL.
However, it's better to use variable binding. Replace the string literals in SQL with ? and supply corresponding number of Strings in an array:
Cursor pid = mDB.rawQuery("select Id FROM MusicPlayer WHERE Path = ?;",
new String[] { sname });
you can get details for Sting within comma or someother means use like this cursor.
Cursor cursor = odb.rawQuery("SELECT * FROM " + DATABASE_TABLE + " WHERE " + KEY_ITEM + "=?;", new String[]{comboname});
Thanks laalto sir your answer is work perfectly.

Categories

Resources