
I am trying to learn the SQL database stuff for SQLite on Android. I have seen a couple of examples of the queries...

I have a two-part question about SQLite queries on Android.

Part 1

Say I want to delete something, and I use the following query:

db.delete(MY_DB_TABLE, "CustomerName = ?", new String[] { customerName });

What would happen if the customer name had a bad character in it?

For example, if I use the following query:

db.execSQL("delete from " + MY_DB_TABLE + 
           " where customername = '" + customerName + "';");

And say, for this example, the name of my customer was "Arby's".

That query would blow up because the ' is a special character and the query would not be formatted correctly.

Part 2

Does this format allow me to specify as many parameters as I want?

Example:

db.delete(MYTABLE, "val1 = ? and val2 != ?", new String[] { "test", "test2" } );
The Lazy Coder

1 Answer


Please refer to my post here:

Storing Lists to A Database, and Retrieving Them All Together : Android

And the short answer to your question: yes.

Each '?' means that an argument will be expected, so for each '?' you WILL have an exact number of arguments to pass in unless you want an exception :) !

JoxTraex
  • Do you know if the database object safe types the items, omitting out improper SQL with safe values for the result? Or is that my responsibility as the programmer? – The Lazy Coder Apr 18 '11 at 23:42
  • It's your job to capture exceptions and handle them as best as you can. It will throw an exception if it's not what it expects. – JoxTraex Apr 18 '11 at 23:45
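
As an added example that is not part of the original question or answer: the two delete forms from the question, run against an in-memory SQLite database with Python's sqlite3 module rather than Android's SQLiteDatabase. The customers table, its rows and the helper names are constructed here; the example shows what SQLite does with "Arby's" in each form and what happens when the argument count does not match the number of '?' placeholders.

```python
import sqlite3

def make_db():
    """In-memory table with constructed sample rows (not from the page)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (customername TEXT, city TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("Arby's", "Atlanta"), ("Wendy", "Dublin"), ("Bob", "Austin")],
    )
    return db

def names(db):
    """Remaining customer names, sorted, for checking what was deleted."""
    rows = db.execute("SELECT customername FROM customers ORDER BY customername")
    return [r[0] for r in rows]

def delete_concatenated(db, name):
    """String-built form from the question: the value becomes SQL text,
    so the apostrophe in the name ends the string literal early."""
    try:
        db.execute("DELETE FROM customers WHERE customername = '" + name + "'")
        return "ok"
    except sqlite3.Error as exc:
        return type(exc).__name__

def delete_bound(db, name):
    """'?' form: the value is bound as data and is never parsed as SQL.
    Returns the number of rows deleted."""
    cur = db.execute("DELETE FROM customers WHERE customername = ?", (name,))
    return cur.rowcount

def delete_two_params(db, args):
    """Two placeholders, as in Part 2: exactly two arguments are required."""
    try:
        cur = db.execute(
            "DELETE FROM customers WHERE customername = ? AND city != ?", args
        )
        return cur.rowcount
    except sqlite3.ProgrammingError as exc:
        return type(exc).__name__
```
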