Android SQLite Wildcards - android

I'm trying to query with a wildcard element to search my SQLite table for entries with an element at any position in a specific variable.
public String[] getCheckoutEntry(String title, String ISBN)
{
//Wild card Syntax
String titleWildCard = "%" + title + "%";
String ISBNWildCard = "%" + ISBN + "%";
//Query
String query = "select USER,AUTHOR,DATE,CALL_NUMBER,COUNT from CHECKOUT where TITLE = ? or ISBN = ? ";
String[] selectionArgs = new String[] {titleWildCard, ISBNWildCard};
Cursor cursor = db.rawQuery(query, selectionArgs);
I've checked half a dozen answers on Stack Overflow already and everyone suggests simply appending a "%" to my variable, as seen above. When I try the above code, my program simply interprets titleWildCard including the % as the search query and tries to find % in the table.
If I take out the "%" then the program runs without issue except that it only searches for the exact term.

Replace = operator with LIKE to make % behave like wildcard:
... where TITLE LIKE ? or ISBN LIKE ?
Reference

Related

Check if column string in database is a substring of a query in sqlite

the current Sqlite syntax can check if a query is a substring of a column string.
and I can do a hack to add a % behind the ? described in https://stackoverflow.com/a/5752671/908821
final String whereClause = DbHelper.COLUMN_URL + " LIKE ? " ;
is there a syntax where i can do the opposite? I want to check if the column string is a substring of a query.
The following code does not seem to work.
final String whereClause = "? LIKE " + DbHelper.COLUMN_URL ;
The following are the rest of my codes:
String[] whereArg = {url};
ContentValues values = new ContentValues();
values.put(DbHelper.COLUMN_LAST_URL, lastUrl);
database.updateWithOnConflict(DbHelper.TABLE_BOOKMARK,
values,
whereClause,
whereArg,
SQLiteDatabase.CONFLICT_IGNORE);
I am trying to update "LastUrl" column if the base url is a subString of a query.
some examples that i like to catch
Base Url (in database) Query
-----------------------------------------------------------------
http://example.com/path http://example.com/path/path2
http://example.com/path?id=0 http://example.com/path?id=0&x=xx
The LIKE operator checks whether the value on the left matches the pattern on the right. So just put the value on the left, and the pattern on the right.
If the pattern needs a % that is not in the database, you have to append it:
SELECT ... WHERE ? LIKE LastUrl || '%' ...

Android dynamic query sql using like

I would make a query using like , using the % and a dynamic string, but i can't do it correctly.
I have a:
public Cursor query(String s)
{
String whereClause=COL_ATTRIBUTI + " like '%?%'";
String[] whereArgs=new String[] {s};
return getWritableDatabase().query(TABELLA_RICETTE,null,whereClause,whereArgs,null,null,null);
}
COL_ATTRIBUTI is the name of a column and TABELLA_RICETTE the name of the table.
I would like to obtain all the thing that have s somewhere, so i use the %. but my app crash. What is the correct syntax?
I think you need to put the % wildcards in the argument if you are using the ? placeholders:
String whereClause = COL_ATTRIBUTI + " like '?'";
String[] whereArgs = new String[] {"%" + s + "%"};

Meaning and Purpose of " = '1' " in ContentResolver Query

String selection = ContactsContract.Contacts.HAS_PHONE_NUMBER " + " = '1''";
String[] selectionArgs = String.valueOf(1);
Why do we put " = '1' " in the Selecion Query ?
and Also the Reason for String.valueOf(1);
You probably meant this:
String selection = ContactsContract.Contacts.HAS_PHONE_NUMBER + " = ?";
String[] selectionArgs = new String[]{String.valueOf(1)};
or this
String selection = ContactsContract.Contacts.HAS_PHONE_NUMBER + " = ?";
String[] selectionArgs = new String[]{"1"};
or this
String selection = ContactsContract.Contacts.HAS_PHONE_NUMBER + " = '1'";
String[] selectionArgs = null;
or just this
String selection = ContactsContract.Contacts.HAS_PHONE_NUMBER + " = 1";
String[] selectionArgs = null;
All four selections have the same results: Contacts that have a phone number.
SQLite (the database type that's used on Android) doesn't support Booleans (see Datatypes in SQLite Version 3), true and false are usually stored as integers 1 and 0. So, to check if a boolean field is true you check if it has the value 1.
Code snippets #1 and #2 use a prepared statement which contains a parameter or placeholder that's replaced with the first value of the selectionArgs array (since it's the first parameter in the query). This is a technique to protect against SQL injection and it often makes your queries better readable.
selectionArgs has to be an array of String values, so the integer value 1 in snippet #1 needs to be converted to a String first (using String.valueOf(int) actually only makes sense if you pass a variable rather than a constant number).
If you don't use any variables in your select statement you can just insert all values into the statement not using placeholders and selectionArgs as in code snippets #3 and #4. Since SQLite is dynamically typed it doesn't matter if you check for equality to 1 or '1', the SQL interpreter will get it right either way.

What is the correct syntax for SELECT statement and WHERE clause?

I am trying to explore android and I just started using SQLite database. I'm wondering on what is the right syntax for selecting a single row from a table, where the row I want to select is from the value entered from a user using editText. Thanks in advance.
I'm going to disagree with both of the answers above. What if the user enters this query:
Bobby Tables'; drop table yourTable;
See: http://xkcd.com/327/
I believe you should do this instead:
String query = "select * from TABLE_NAME WHERE column_name=?";
String[] selection = new String[1];
selection[0] = users_entered_value;
Cursor c = db.rawQuery(query, selection);
ETA: Actually, the more I think about it, the more I think you're going in the wrong direction. If your app depends on a database query returning exactly one unique match to an arbitrary string entered by the user, it's probably going to be broken a great deal of the time.
What you should probably do is something like this:
String query = "select * from TABLE_NAME WHERE column_name LIKE ?";
String[] selection = new String[1];
selection[0] = "%" + users_entered_value + "%";
Cursor c = db.rawQuery(query, selection);
and then iterate through the results and pick a "best" match according to your own criteria.
Also, you should create the table with case-insensitive matching for the column(s) you're going to be searching.
SQLiteDatabase db;
db.rawQuery("select * from yourTable where your_column_name = 'users_entered_value' limit 1", null);
SQLiteDatabase db;
// make connection to your database ;
Cursor c = null ;
String SQL = "select * from TABLE_NAME where column_name='VALUE'";
c = db.rawQuery(SQL);
c contains your result array of query you fired.
You can retrieve values using loop.

SQLite Database Problem while delete

Hi to All I am new to Android.
I am using SQLite DataBase in my Application
meanwhile I am Written Queries using +
Like delete from tablename where value = + value;
this is my query
String delete_query = "delete from " + tableName
+ " where title = '" + title + "'";
database.execSQL(delete_query);
I want to write this Query using placeholder ?.
so that i tried
database.delete(tableName, title + "?" , new String[] {title});
instead "?" i tried (?)/('?')/'?'
but it is giving me an error....
can any one tell me how to write appropriate query using ?.....
Thanks in Advance.
Mahaveer
Make sure you have put the equal sign:-
database.delete(tableName, title + "=?" , new String[] {title});
As far as possible, try to use the less raw queries you can. Two advantages:
Query parameters will be escaped by the system (protection against SQL injection)
The code will be more readable
See the delete function of SQLiteDatabase class
public int delete (String table, String whereClause, String[]
whereArgs)
Convenience method for deleting rows in the
database.
table the table to delete from
whereClause the optional WHERE clause
to apply when deleting. Passing null will delete all rows.
Returns the number of rows affected if a whereClause is passed in, 0
otherwise. To remove all rows and get a count pass "1" as the
whereClause.
In your case:
final String where = "title=?";
final String[] args = new String[] { title };
database.delete(tableName, where, args);

Categories

Resources