STRING in sqlite database query

STRING in sqlite database query - android

When i try to search in row POINTA (text data type in SQLite) and I compare it to a String the program stops. This is the code:
public Cursor getpoints(String start,String end) throws SQLException {
Cursor mCursor = db.query(true, DATABASE_TABLE, new String[] {
KEY_PRIM,
NAME,
POINTA,
POINTA_LANG,
POINTA_LAT,
POINTB,
POINTB_LANG,
POINTB_LAT
},
POINTA +"=" +start,//here is the problem
null,
null,
null,
null,
null);
if (mCursor != null) {
mCursor.moveToFirst();
}
...

Same problem as this, you need single quotes around your start String, i.e.
POINTA + "='" + start + "'",

Related

SQLite in Android: when I pass any name that contains a quote, it throws and error

Adapter.java
public String getID(String i) throws SQLException
{
db=DBHelper.getReadableDatabase();
String ij="No Track Found";
Cursor mCursor =
db.query(true, TABLE, new String[] {KEY_ID}, KEY_NAME + "=" + "'"+i+"'", null,
null, null, null, null);
if (mCursor != null) {
mCursor.moveToFirst();
}
if (mCursor.moveToFirst())
{
ij=mCursor.getString(0);
}
return ij ;
}
The Question is when I pass any song's name that contain "'"(e.g. alexander's blade) , it throws and error. Otherwise all fine.

You should use the selectionArgs parameter:
db.query(true, //distinct
TABLE, //table
new String[] {KEY_ID}, //columns
KEY_NAME + "=?", //selection
new String[] {i}, //selectionArgs
null, //groupBy
null, //having
null, //orderBy
null //limit
);
Using selectionArgs also help to prevent SQL Injection

You need to call your method like this:
Cursor c = bd.query(Constantes.TABELA_APLICATIVO, COLS, "urlandroid = ?", new String[]{url}, null, null, null);
The caracter "?" represents the values on Third parameter(String[]).

android-how to close cursor in a class like this

I have this function inside my dbhelper class :
public Cursor getRow(long rowId) {
String where = KEY_ROWID + "=" + rowId;
Cursor c = db.query(DATABASE_TABLE, ALL_KEYS, where, null, null, null,null, null);
if (c != null) {
c.moveToFirst();
}
return c;
}
when I come to the activity where this class calls, I get this error (Please notice when I enter this activity I get this error not when leaving the activity ):
Finalizing a Cursor that has not been deactivated or closed. database......
Application did not close the cursor or database object that was opened here
it's a very long error .
someone told me to use c.close(); above return c, something like this:
public Cursor getRow(long rowId) {
String where = KEY_ROWID + "=" + rowId;
Cursor c = db.query(DATABASE_TABLE, ALL_KEYS, where, null, null, null,null, null);
if (c != null) {
c.moveToFirst();
}
c.close();
return c;
}
I tried it but now I get this error :
Access closed cursor
What should I do ? How should I close the cursor in this class?

You should close the Cursor in your Activity. like
Cursor c=getRow(rowID_Value);
c.close();
After getting used of your DB you must close this Cursor.

Close the cursor after using getRow function,i.e.
public Cursor getRow(long rowId) {
String where = KEY_ROWID + "=" + rowId;
Cursor c = db.query(DATABASE_TABLE, ALL_KEYS, where, null, null, null,null, null);
if (c != null) {
c.moveToFirst();
}
return c;
}
and use it like this
Cursor c1 = getRow(rowId);
//use cursor
//....
if(c1 != null)c1.close();
Note : rowId is the value of row which you want from database in long format.
Edit
Create Cursor c1; in your activity class.
check first if cursor is not null,then close it.
if(c1 != null)c1.close();
then get cursor as
c1 = getRow(rowId);
And onStop/onDestroy close cursor as
if(c1 != null)c1.close();

hello i have face this same problem i have solve this problem like
when i am query and returning ArrayList or JSON object not cursor
may you need to change your query
public JSONObject getRow(long rowId) {
String where = KEY_ROWID + "=" + rowId;
Cursor c = db.query(DATABASE_TABLE, ALL_KEYS, where, null, null, null,null, null);
if (c!= null & c.moveToFirst()) {
JSONObject jsonObj = new JSONObject();
jsonObj.put("key_Name", c.getString(c.getColumnIndex("your_column_name")));
// do for your all column and return this jsonObj and before returning close cursor
}
c.close();
return jsonObj;
}
this is for only returning one record for retuning set of record i am use this lib
https://github.com/commonsguy/cwac-loaderex
it will manage cursor operation itself and return us sqliteCursorLoader

Error in database class in data fetching query

I am developing a app in android and here i want to fetch data from table according to rowId and subjectId but I am getting this error,
The method query(boolean, String, String[], String, String[], String, String, String, String) in the type SQLiteDatabase is not applicable for the arguments
(boolean, String, String[], String, String, null, null, null, null)
And the here's that query,
public Cursor getText(long rowId, long subId) throws SQLException
{
Cursor mCursor = db.query(true, DATABASE_TABLE, new String[] {
KEY_id, KEY_ques,KEY_correctans,KEY_wrongans1,KEY_wrongans2,KEY_wrongans3,KEY_subject,KEY_subjectid }, KEY_id + "="
+ rowId, KEY_subjectid + "=" + subId,null,null, null,null);
if (mCursor != null)
{
mCursor.moveToFirst();
}
return mCursor;
}
I want to fetch table data as where subId = KEY_subjectid and rowId = KEY_id
If any thing is not clear in this question please ask me. And if its clear please help me..
Thanks in Advance.

Change the query to following:
Cursor mCursor = db.query(true, DATABASE_TABLE, new String[] {
KEY_id, KEY_ques,KEY_correctans,KEY_wrongans1,KEY_wrongans2,KEY_wrongans3,KEY_subject,KEY_subjectid }, KEY_id + "="
+ rowId + " AND " + KEY_subjectid + "=" + subId,null, null,null, null,null);
The 5-th parameter needs to be a String array, not a string the way you have. The 4-th parameter is the WHERE SQLite clause.

Do this way
public Cursor getText(long rowId, long subId) throws SQLException
{
Cursor mCursor = db.rawQuery("select * from "+DATABASE_TABLE+" where KEY_subjectid="+subId+" and KEY_id="+rowId+"",null);
if (mCursor != null)
{
mCursor.moveToFirst();
}
return mCursor;
}

Lowercase in SQLite for Android

I'm now getting problem about how to convert capitalize word to lowercase in SQLite for Android.
public Cursor fetchFunctions(String searchword) throws SQLException {
Cursor mCursor =
mDb.query(true, FUNCTIONS_TABLE, new String[] {
FUNS_WORD, FUNS_BODY}, FUNS_WORD + "='" + searchword + "'", null,
null, null, null, null);
if (mCursor != null) {
mCursor.moveToFirst();
}
return mCursor;
}
I want to conver like LOWER(FUNS_WORD) + "='" + searchword + "'" unfortunately, getting syntax error. What I want is I want to convert all of data in FUNS_WORD to lowercase type.

You'll have to use rawQuery
public Cursor fetchFunctions(String searchword) throws SQLException {
Cursor mCursor =
mDb.rawQuery("SELECT FUNS_WORD, FUNS_BODY FROM FUNCTIONS_TABLE WHERE LOWER(FUNS_WORD) = '" + searchword + "'", null);
if (mCursor != null) {
mCursor.moveToFirst();
}
return mCursor;
}

You can use the LIKE keyword in place of =. The LIKE keyword is case insensitive and can be used in your case without % sign.

There is a SQL injection vulnerably in the query '" + searchword + "'. This could allow an attacker to compromise the database.
Cursors should be wrapped in try/finally blocks to ensure they are always closed upon completion.
public Cursor fetchFunctions(String searchword) throws SQLException {
Cursor cursor = null;
try {
cursor = mDb.rawQuery("SELECT FUNS_WORD, FUNS_BODY FROM FUNCTIONS_TABLE WHERE LOWER(FUNS_WORD) = ?", new String[] { searchword });
if (cursor != null) {
cursor.moveToFirst();
}
} finally {
if (cursor != null) {
cursor.close();
}
}
return cursor;
}

sqlite selection error

I got this code in one of my methods. It should check if the string is already in the database and if it is the db entry gets updated. If it is not there I catch the exception and just create the entry.
String s="hallo";
try {
Cursor c1 = dba.fetchSubject(s);
dba.updateSubject(c1.getLong(c1.getColumnIndex(DbAdapter.KEY_ROWID)), s, t, r);
} catch (SQLException e){
dba.createSubject(s, t, r);
}
The problem is fetchSubject allway throws an Exception.
I use a similar method to get a db entry by a rowId instead of a String, which is working:
public Cursor fetchSubject(long rowId) throws SQLException {
Cursor mCursor = database.query(true, DATABASE_TABLE2, new String[] {
KEY_ROWID, KEY_SUBJECT, KEY_TEACHER, KEY_ROOM}, KEY_ROWID
+ "=" + rowId, null, null, null, null, null);
if (mCursor != null) {
mCursor.moveToFirst();
}
return mCursor;
}
The method called on top:
public Cursor fetchSubject(String subject) throws SQLException {
Cursor mCursor = database.query(true, DATABASE_TABLE2, new String[] {
KEY_ROWID, KEY_SUBJECT, KEY_TEACHER, KEY_ROOM}, KEY_SUBJECT
+ "=" + subject, null, null, null, null, null);
if (mCursor != null) {
mCursor.moveToFirst();
}
return mCursor;
}
The error:
sqlite returned: error code = 1, msg = no such column: hallo
I don't know where my error is. Isn't it possible to use a string at the selection parameter?

Try adding single quotes around hallo
String s = "'hallo'";
Essentially what you're doing is telling your query: select blah blah blah from TABLE where subject = hallo. Since hallo isn't surrounded by quotes, it is trying to find a variable / column with that name. When we surround it with quotes, we are saying that we are looking for the string within these quotes, rather than a variable.
Think of it like normal programming..
String s = hallo;
is completely different than
String s = "hallo";

Develop Reference

The Android operating system is a mobile operating system that was developed by Google (GOOGL?) to be primarily used for touchscreen devices, cell phones, and tablets.

STRING in sqlite database query - android

Same problem as this, you need single quotes around your start String, i.e. POINTA + "='" + start + "'",

Related

SQLite in Android: when I pass any name that contains a quote, it throws and error

android-how to close cursor in a class like this

Error in database class in data fetching query

Lowercase in SQLite for Android

sqlite selection error

Categories

Resources