Java 插入中的 SQLite 无法识别的令牌异常
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/19323922/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
SQLite unrecognized token exception in Insert
提问by user2871937
I get unrecognized token errorwhen I try to include the Api_keycolumn and its value in my insert query, otherwise without it, it works fine.
我得到unrecognized token error当我尝试包括Api_key列和我插入查询值,否则没有它,它工作正常。
here's the code:
这是代码:
public void InsertResult(String apikey,String auditid,String crit_id, int current_chap)
{
String s="INSERT OR IGNORE INTO Results(AuditID,CriteriaID,ChapterID,Api_key) VALUES("+auditid+","+crit_id+","+current_chap+","+apikey+")";
sp.execSQL(s);
}
Here's my logcat:
这是我的日志:
10-11 22:45:09.655: E/AndroidRuntime(8124): java.lang.RuntimeException: Unable to start activity ComponentInfo{com.oxtro.trustea/com.oxtro.trustea.ChapterActivity}: android.database.sqlite.SQLiteException: unrecognized token: "3249f6dc" (code 1): , while compiling: INSERT OR IGNORE INTO Results(AuditID,CriteriaID,ChapterID,Api_key) VALUES(1,13,13,3249f6dc-c3ca-4c8d-a4de-df1834c579c4)
回答by bclymer
You should put tick marks around your non-numeric strings.
您应该在非数字字符串周围打勾。
String s="INSERT OR IGNORE INTO Results(AuditID,CriteriaID,ChapterID,Api_key) VALUES("+auditid+","+crit_id+","+current_chap+",`"+apikey+"`)";
Note the ` marks around "apikey"
注意“apikey”周围的`标记
SQLite was seeing the -and getting confused why it wasn't in a string.
SQLite 看到了-为什么它不在字符串中并且感到困惑。
回答by acsadam0404
Apikey is a String so for sql you need to place it inside quotes.
String s="INSERT OR IGNORE INTO Results(AuditID,CriteriaID,ChapterID,Api_key) VALUES("+auditid+","+crit_id+","+current_chap+",'"+apikey+"')";
Apikey 是一个字符串,因此对于 sql,您需要将它放在引号内。
String s="INSERT OR IGNORE INTO Results(AuditID,CriteriaID,ChapterID,Api_key) VALUES("+auditid+","+crit_id+","+current_chap+",'"+apikey+"')";
回答by LS_???
Don't ever hardcode strings in your SQL statements.
永远不要在 SQL 语句中硬编码字符串。
User inputted strings create a SQL injection vulnerability.
用户输入的字符串会造成 SQL 注入漏洞。
Arbitrary strings needs to be parsed fro special characters.
任意字符串需要解析为特殊字符。
SQL APIs normally provide bind methods to allow you to safelly insert arbitrary data in you database.
SQL API 通常提供绑定方法以允许您在数据库中安全地插入任意数据。
In Android SQLite, for INSERTyou may use:
在 Android SQLite 中,INSERT您可以使用:
public void InsertResult(String apikey,String auditid,String crit_id, int current_chap)
{
ContentValues cv=new ContentValues();
cv.put("AuditID", auditid);
cv.put("CriteriaID", crit_id);
cv.put("ChapterID", current_chap);
cv.put("Api_key", apikey);
sp.insert("Results", null, cv);
}
