我想从表中删除与数组中的ID匹配的所有行.我可以通过以下两种方法之一来做到这两点(两者都有效).能否请您建议哪一个更好?
方法1:
public void deleteRec(String[] ids) { //ids is an array
SQLiteDatabase db = this.getWritableDatabase();
db.delete(TABLE_NAME, KEY_ID+" IN (" + new String(new char[ids.length-1]).replace("\0", "?,") + "?)", ids);
db.close();
}
方法2:
public void deleteRec(String[] ids) { //ids is an array
String allid = TextUtils.join(", ", ids);
SQLiteDatabase db = this.getWritableDatabase();
db.execSQL(String.format("DELETE FROM "+TABLE_NAME+" WHERE "+KEY_ID+" IN (%s);", allid));
db.close();
}
忘了第二种方法!
你ids是所有来自数字的字符串(否则SQL会失败),但对于通用字符串数据,将数据传递给SQL语句绝不是一个好主意.使您的应用程序容易受到SQL注入:
String.format("DELETE FROM t WHERE ID='%s', "1' AND 1=1 --")
// = "DELETE FROM t WHERE ID='1' AND 1=1 --'" => would delete all data!
并且可能会使您的SQL语句失败:
String.format("DELETE FROM t WHERE v='%s', "It's me!")
// = "DELETE FROM t WHERE v='It's me!'" => syntactically incorrect (quote not escaped)!
编辑:由于ids作为字符串数组提供,可能KEY_ID引用一INT列,方法1应适用于:
db.delete(TABLE_NAME, "CAST("+KEY_ID+" AS TEXT) IN (" + new String(new char[ids.length-1]).replace("\0", "?,") + "?)", ids);
试试这个也许对你有帮助:
String[] Ids = ......; //Array of Ids you wish to delete.
String whereClause = String.format(COL_NAME + " in (%s)", new Object[] { TextUtils.join(",", Collections.nCopies(Ids.length, "?")) });
db.delete(TABLE_NAME, whereClause, Ids);
| 归档时间: |
|
| 查看次数: |
13847 次 |
| 最近记录: |