1

I want to execute a SQLite query:

c =  db.rawQuery("SELECT " + KEY_BOOK_ID+ " , " + KEY_BOOK_CODE  + " , " + KEY_ISBN + " , " +
                 KEY_VOL_NO  + " , " + KEY_BRAND  + " , " + KEY_SKU + " , " + KEY_TITLE +
                 " , " + KEY_PRICE + " , " + KEY_LANG + " , " + KEY_STATUS + " FROM " +
                 BOOKS_TABLE + " WHERE " + KEY_SKU + " IN " + inClause + ";", null);

The values in the in clause need to be taken from an array of strings:

String values[] = {"Singles","5 in 1 series","Childrens Book"};

Following is my error log.

Caused by: android.database.sqlite.SQLiteException: near "1": syntax error (code 1): , while compiling: SELECT book_id , book_code , ISBN , vol_no , brand , sku , title , price , lang , status FROM books_table WHERE sku IN (Singles, 5 in 1 series, Childrens Book);
    at android.database.sqlite.SQLiteConnection.nativePrepareStatement(Native Method)
    at android.database.sqlite.SQLiteConnection.acquirePreparedStatement(SQLiteConnection.java:1112)
    at android.database.sqlite.SQLiteConnection.prepare(SQLiteConnection.java:689)
    at android.database.sqlite.SQLiteSession.prepare(SQLiteSession.java:588)
    at android.database.sqlite.SQLiteProgram.<init>(SQLiteProgram.java:58)
    at android.database.sqlite.SQLiteQuery.<init>(SQLiteQuery.java:37)
    at android.database.sqlite.SQLiteDirectCursorDriver.query(SQLiteDirectCursorDriver.java:44)
    at android.database.sqlite.SQLiteDatabase.rawQueryWithFactory(SQLiteDatabase.java:1433)
    at android.database.sqlite.SQLiteDatabase.rawQuery(SQLiteDatabase.java:1372)

This is the method that I call to get the Json Object.

public JSONObject searchForBooks( )
{
    String values[] = {"Singles","5 in 1 series","Childrens Book"};
    String inClause = Arrays.toString(values);

    //replace the brackets with parentheses
    inClause = inClause.replace("[","(");
    inClause = inClause.replace("]",")");

    SQLiteDatabase db = this.getReadableDatabase();
    Cursor c ;
    c =  db.rawQuery("SELECT " +KEY_BOOK_ID+ " , " + KEY_BOOK_CODE  + " , " + KEY_ISBN +
                " , " + KEY_VOL_NO  + " , " + KEY_BRAND  + " , " + KEY_SKU + " , " +
                KEY_TITLE + " , " + KEY_PRICE+ " , " + KEY_LANG+ " , " + KEY_STATUS
                + " FROM " + BOOKS_TABLE + " WHERE " + KEY_SKU + " IN " + inClause + ";",
                null);

    if (c.moveToFirst()) {
        do {
            JSONObject jobj = new JSONObject();
            try {
                jobj.put("book_id", c.getString(0));
                jobj.put("book_code", c.getString(1));
                jobj.put("ISBN", c.getString(2));
                jobj.put("vol_no", c.getString(3));
                jobj.put("brand", c.getString(4));
                jobj.put("sku", c.getString(5));
                jobj.put("title", c.getString(6));
                jobj.put("price", c.getString(7));
                jobj.put("lang", c.getString(8));
                jobj.put("status", c.getString(9));

                jarr1.put(0, jobj);
                jm1.put("books_info", jarr1);

                Log.d("Selected BOOKS info", jm1.toString());

            } catch (JSONException e) {
                e.printStackTrace();
            }
        } while (c.moveToNext());
    }
    c.close();
    db.close();

    return jm1;
}

Any help or suggestion is appreciated. Thank you.

1
  • MySQL or SQLite? Remove unrelated databases tags please Commented May 10, 2017 at 7:19

1 Answer

2

You're missing the quotes around those strings.

I would build the IN clause in a slightly different way, though:

String values[] = {"Singles","5 in 1 series","Childrens Book"};
boolean first = true;
String inClause = "(";

for(String v : values){
    if(first){
        first = false;
    } else {
        inClause += ",";
    }
    inClause += "'" + v + "'";
}
inClause += ")";

Edit

To avoid what CL. describes in his comment, you can replace

inClause += "'" + v.replaceAll("'", "''") + "'";

with

inClause += "'" + v + "'";

This way if you have single quotes inside your strings they will be escaped and won't mess the final query up.


3 Comments

This will blow up when a string contains a quote.
@CL. You're right, and if that array comes from user input it will open other serious issues too (like SQL injection), but from how the existing code is presented I'm assuming OP has some degree of control over that array. I fixed it though
How can one do this but with SQL injection protection?
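
The last comment asks how to build the IN list with SQL injection protection. One way, shown here as an added example that is not part of the original answer or comments, is to emit one ? placeholder per value and pass the values themselves as the selectionArgs of rawQuery. The class and method names are hypothetical; the table and column names are the ones shown in the question's error log.

```java
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import android.text.TextUtils;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

/** Hypothetical helper; the class and method names are assumptions, not from the page. */
public final class BookSkuQuery {
    // Table and column names as they appear in the question's error log.
    private static final String BOOKS_TABLE = "books_table";
    private static final String KEY_SKU = "sku";
    private static final String KEY_TITLE = "title";
    // SQLite's default limit on bound parameters per statement before 3.32.0.
    private static final int MAX_ARGS = 999;

    /** Returns "(?,?,?)" for n = 3; only the number of values reaches the SQL text. */
    static String placeholders(int n) {
        return "(" + TextUtils.join(",", Collections.nCopies(n, "?")) + ")";
    }

    /** Returns the titles of all books whose sku equals any of the given values. */
    public static List<String> titlesForSkus(SQLiteDatabase db, String[] skus) {
        List<String> titles = new ArrayList<>();
        // Query in chunks so a long list never exceeds the parameter limit.
        // An empty array skips the loop and yields an empty result.
        for (int from = 0; from < skus.length; from += MAX_ARGS) {
            int to = Math.min(from + MAX_ARGS, skus.length);
            String[] args = Arrays.copyOfRange(skus, from, to);
            String sql = "SELECT " + KEY_TITLE + " FROM " + BOOKS_TABLE
                    + " WHERE " + KEY_SKU + " IN " + placeholders(args.length);
            // The values are bound as arguments, never spliced into the statement,
            // so a quote in "Children's Book" stays plain data and needs no escaping.
            try (Cursor c = db.rawQuery(sql, args)) {
                while (c.moveToNext()) {
                    titles.add(c.getString(0));
                }
            }
        }
        return titles;
    }
}
```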
