6

I am using execSQL on an SQLite database. The SQL INSERT string is

INSERT INTO Tasks 
(_id, Aircraft, Station, Discrepancy,DateCreated, CreatedBy, Status, DateClosed, ClosedBy, ArrivalFlightID, RecordChangedByUI)  
 VALUES 
('271104','   ','ORD','Critical Flight (0496/28)','9/4/2011 6:57:00 PM','SYSTEM','NEW','','null','0','N')

Table is

"create table Tasks 
(_id integer primary key, "
+ "Aircraft text null, Station text null, Discrepancy text null, DateCreated text null, CreatedBy text null, Status text null, DateClosed text, ClosedBy text null, ArrivalFlightID text null, RecordChangedByUI text null);";

It's throwing an exception "Empty bindArgs"

Can anybody tell me where I am going wrong?

4
  • Post the code containing your rawQuery() call please Commented Sep 7, 2011 at 15:42
  • this.database.execSQL(sql, null); Commented Sep 7, 2011 at 15:43
  • String sql = "INSERT INTO Tasks (_id, Aircraft, Station, Discrepancy,DateCreated, CreatedBy, Status, DateClosed, ClosedBy, ArrivalFlightID, RecordChangedByUI) VALUES ('" + tasks[i]._id + "','" + tasks[i].Aircraft + "','" + tasks[i].Station + "','" + tasks[i].Discrepancy + "','" + tasks[i].DateCreated + "','" + tasks[i].CreatedBy + "','" + tasks[i].Status + "','" + tasks[i].DateClosed + "','" + tasks[i].ClosedBy + "','" + tasks[i].ArrivalFlightID + "','N')"; this.database.execSQL(sql, null); Commented Sep 7, 2011 at 15:44
  • 1
    put it above where it would be readable! Commented Sep 7, 2011 at 16:03

2 Answers

11

You cannot pass null as the second parameter. If you're not using it, just ignore it and it will work:

// Query copied from the question's comment; values are concatenated unescaped.
String sql = "INSERT INTO Tasks (_id, Aircraft, Station, Discrepancy,DateCreated, CreatedBy, Status, DateClosed, ClosedBy, ArrivalFlightID, RecordChangedByUI) "
    + "VALUES ('" + tasks[i]._id + "','" + tasks[i].Aircraft + "','" + tasks[i].Station + "','"
    + tasks[i].Discrepancy + "','" + tasks[i].DateCreated + "','" + tasks[i].CreatedBy + "','"
    + tasks[i].Status + "','" + tasks[i].DateClosed + "','" + tasks[i].ClosedBy + "','"
    + tasks[i].ArrivalFlightID + "','N')";
// Single-argument overload: no bindArgs parameter at all.
this.database.execSQL(sql);

However, the above example is vulnerable - an SQL query can easily be injected. All strings passed to the query should be escaped via DatabaseUtils.sqlEscapeString(task[i].something).


2 Comments

What if task[i].Station contains a single quote?
All strings should be escaped via DatabaseUtils.sqlEscapeString(task[i].something). I've just copied the SQL query from the author's comment. I'll add it to the answer.
8

Try executing database.insert or insertOrThrow. It requires the explicit adding of each field to a ContentValues object, but it is so much neater.

ContentValues insertValues = new ContentValues();
insertValues.put("_id", tasks[i]._id);
// ... other fields
long rowId = this.database.insert(DATABASE_TABLE, null, insertValues);
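
An added example, not part of either answer above: the same INSERT written with `?` placeholders and a compiled statement, so a single quote in a field such as Station is stored as data instead of ending the string literal. The `Task` class (with `_id` as a long and the other fields as Strings) and the `TaskWriter` helper are hypothetical names assumed here; the page only shows the `tasks[i]` field names.

```java
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteStatement;

/** Hypothetical holder mirroring the tasks[i] fields used in the question. */
class Task {
    long _id;
    String Aircraft, Station, Discrepancy, DateCreated, CreatedBy,
           Status, DateClosed, ClosedBy, ArrivalFlightID;
}

/** Hypothetical helper: inserts tasks with bound parameters, never by concatenation. */
final class TaskWriter {
    // One '?' per column. Bound values are passed to SQLite as data and are
    // never parsed as SQL, so quotes in a field cannot alter the statement.
    private static final String INSERT_SQL =
        "INSERT INTO Tasks (_id, Aircraft, Station, Discrepancy, DateCreated, "
        + "CreatedBy, Status, DateClosed, ClosedBy, ArrivalFlightID, RecordChangedByUI) "
        + "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";

    static void insertAll(SQLiteDatabase db, Task[] tasks) {
        SQLiteStatement stmt = db.compileStatement(INSERT_SQL);
        db.beginTransaction(); // all rows commit together or not at all
        try {
            for (Task t : tasks) {
                stmt.clearBindings();
                stmt.bindLong(1, t._id); // bind indexes are 1-based
                String[] text = { t.Aircraft, t.Station, t.Discrepancy, t.DateCreated,
                    t.CreatedBy, t.Status, t.DateClosed, t.ClosedBy, t.ArrivalFlightID, "N" };
                for (int i = 0; i < text.length; i++) {
                    bindNullable(stmt, i + 2, text[i]);
                }
                stmt.executeInsert(); // throws on a constraint violation such as a duplicate _id
            }
            db.setTransactionSuccessful();
        } finally {
            db.endTransaction(); // rolls back unless marked successful
            stmt.close();
        }
    }

    // bindString() rejects null, so store a real SQL NULL rather than the text 'null'.
    private static void bindNullable(SQLiteStatement stmt, int index, String value) {
        if (value == null) stmt.bindNull(index);
        else stmt.bindString(index, value);
    }
}
```

For a single row, the same placeholder string also works with `execSQL(sql, bindArgs)` when `bindArgs` is a non-empty `Object[]`; passing `null` there is what raises "Empty bindArgs".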
