I am trying to learn the SQL database stuff for SQLite on Android. I have seen a couple of examples of the queries...

I have a two-part question about SQLite queries in Android.

Part 1

Say I want to delete something, and I use the following query.

db.delete(MY_DB_TABLE, "CustomerName = ?", new String[] { customerName });

What would happen if the customer name had a bad character in it?

For example, if I use the following query

db.execSQL("delete from " + MY_DB_TABLE + 
           " where customername = '" + customerName + "';");

and say for this example the name of my customer was "Arby's".

That query would blow up because the ' is a special character and the query would not be formatted correctly.

Part 2

Does this format allow me to specify as many parameters as I want?

Example:

db.delete(MYTABLE, "val1 = ? and val2 != ?", new String[] { "test", "test2" } );

1 Answer

Please refer to my post here:

Storing Lists to A Database, and Retrieving Them All Together : Android

And the short answer to your question is yes.

Each '?' means that an argument will be expected, so for each '?' you WILL have an exact number of arguments to pass in unless you want an exception :) !

2 Comments

Do you know if the database object safe-types the items, omitting out improper SQL with safe values for the result? Or is that my responsibility as the programmer?
It's your job to capture exceptions and handle them as best as you can. It will throw an exception if it's not what it expects.
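
An added example, not part of the original question, answer or comments: the question's concatenated delete beside the bound form, plus the placeholder-count case from the answer, run against an in-memory database. The class name, log tag, table, columns and rows are assumptions made up for the illustration.

```java
import android.database.DatabaseUtils;
import android.database.sqlite.SQLiteDatabase;
import android.util.Log;

// Added illustration; BoundDeleteDemo, TAG and the table layout are hypothetical.
public final class BoundDeleteDemo {
    private static final String TAG = "BoundDeleteDemo";
    private static final String TABLE = "customers"; // constructed sample table

    public static void run() {
        // In-memory database, so no Context or database file is needed.
        SQLiteDatabase db = SQLiteDatabase.create(null);
        try {
            db.execSQL("CREATE TABLE " + TABLE + " (CustomerName TEXT, City TEXT)");
            // Constructed sample rows. The values are bound, so the apostrophe is stored as data.
            String[][] rows = {{"Arby's", "Atlanta"}, {"Wendy's", "Dublin"}, {"Subway", "Milford"}};
            for (String[] row : rows) {
                db.execSQL("INSERT INTO " + TABLE + " VALUES (?, ?)", row);
            }
            String customerName = "Arby's";

            // Concatenation: the value becomes part of the SQL text, so its apostrophe
            // closes the string literal early and SQLite rejects the statement.
            try {
                db.execSQL("delete from " + TABLE
                        + " where CustomerName = '" + customerName + "';");
            } catch (RuntimeException e) { // SQLiteException is a RuntimeException
                Log.w(TAG, "concatenated delete failed: " + e.getMessage());
            }

            // Bound argument: the value is handed to SQLite separately from the SQL text
            // and is only ever compared as a string, whatever characters it contains.
            int deleted = db.delete(TABLE, "CustomerName = ?", new String[] {customerName});
            Log.i(TAG, "bound delete removed " + deleted + " row(s)");

            // Several placeholders: arguments are matched to each '?' from left to right.
            deleted = db.delete(TABLE, "CustomerName = ? and City != ?",
                    new String[] {"Wendy's", "Boston"});
            Log.i(TAG, "two-argument delete removed " + deleted + " row(s)");

            // Two placeholders but one argument: the mismatch the answer warns about.
            try {
                db.delete(TABLE, "CustomerName = ? and City != ?", new String[] {"Subway"});
            } catch (RuntimeException e) {
                Log.w(TAG, "argument count mismatch: " + e.getMessage());
            }
            Log.i(TAG, "rows left: " + DatabaseUtils.queryNumEntries(db, TABLE));
        } finally {
            db.close();
        }
    }
}
```

Binding covers values only; table and column names cannot be passed as `?` arguments, so they should come from constants in the code, as `TABLE` does here.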
