我想从数据库中选择与该名称不匹配的名称,该名称已存在。使用此代码,将引发错误:No such table
public String getRandomAnswer(String correctName){
String randomAnswer;
mDbHelper.initializeDataBase();
try {
mDb = mDbHelper.getWritableDatabase();
String sql = "SELECT Name FROM Cities WHERE Name NOT LIKE " + correctName + " ORDER BY Random() LIMIT 1 ";
Cursor c = mDb.rawQuery(sql, null);
if (c != null) {
if (c.moveToFirst()) {
randomAnswer = c.getString(c.getColumnIndex("Name"));
return randomAnswer;
}
c.close();
}
} catch (Exception ex) {
ex.printStackTrace();
} finally {
try {
mDbHelper.close();
} catch (Exception ex) {
ex.printStackTrace();
} finally {
mDb.close();
}
}
return null;
}
但是如果我直接输入文字String sql = "SELECT Name FROM Cities WHERE Name NOT LIKE 'someOtherName' ORDER BY Random() LIMIT 1 ";比它的作品重要,但不是我想要的。
考虑parameterization而不是字符串连接,因为您需要将变量用单引号引起来。否则,引擎将假定您引用的是列或表标识符。另外,不带通配符的LIKE应该使用等号=。但是,如果需要通配符,请附加到参数。
// PREPARED STATEMENT WITH QMARKS, ?
String sql = "SELECT Name FROM Cities WHERE Name NOT LIKE ? ORDER BY Random() LIMIT 1 ";
// QUERY EXECUTION WITH BINDED VALUE AND WILDCARDS
Cursor c = mDb.rawQuery(sql, new String[]{ '%'+correctName+'%' });