在SQLITE中删除多行(android)
发布时间:2020-12-12 23:44:00 所属栏目:百科 来源:网络整理
导读:我想从表中删除与数组中的ID匹配的所有行.我可以通过以下两种方法之一来做到这两点(两者都有效).能否请您建议哪一个更好? 方法1: public void deleteRec(String[] ids) { //ids is an array SQLiteDatabase db = this.getWritableDatabase(); db.delete(TA
|
我想从表中删除与数组中的ID匹配的所有行.我可以通过以下两种方法之一来做到这两点(两者都有效).能否请您建议哪一个更好?
方法1: public void deleteRec(String[] ids) { //ids is an array
SQLiteDatabase db = this.getWritableDatabase();
db.delete(TABLE_NAME,KEY_ID+" IN (" + new String(new char[ids.length-1]).replace("�","?,") + "?)",ids);
db.close();
}
方法2: public void deleteRec(String[] ids) { //ids is an array
String allid = TextUtils.join(",",ids);
SQLiteDatabase db = this.getWritableDatabase();
db.execSQL(String.format("DELETE FROM "+TABLE_NAME+" WHERE "+KEY_ID+" IN (%s);",allid));
db.close();
}
忘了第二种方法!
你的id都是来自数字的字符串(否则SQL会失败),但对于通用字符串数据,将数据传递给SQL语句绝不是一个好主意.使您的应用程序容易受到SQL注入: String.format("DELETE FROM t WHERE ID='%s',"1' AND 1=1 --")
// = "DELETE FROM t WHERE ID='1' AND 1=1 --'" => would delete all data!
并且可能会使您的SQL语句失败: String.format("DELETE FROM t WHERE v='%s',"It's me!")
// = "DELETE FROM t WHERE v='It's me!'" => syntactically incorrect (quote not escaped)!
编辑:由于ID作为字符串数组提供,KEY_ID可能是INT列,方法1应适用于: db.delete(TABLE_NAME,"CAST("+KEY_ID+" AS TEXT) IN (" + new String(new char[ids.length-1]).replace("�",ids); (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |