Does ORMLite for Android have a native way to escape strings?
For example, if I want to supply a string: ormlite's escape func, it needs to be supplied as ormlite's escape func.
TestDao.queryForFirst(TestDao.queryBuilder().where().like("stats", stats)
        .prepare());
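I tried using UpdateBuilder's escapeValue method, but it only makes the following change: 'ormlite's escape func'. It adds single quotes at the beginning and end of the statement. Is there native support for escaping strings that is safe against SQL injection?
If not, what is a way to do it?
Thanks!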
I am using an ORM (ORMLite) and all my calls were going well until I got the following error.
Exception in thread "main" org.h2.jdbc.JdbcSQLException: Syntax error in SQL statement "SELECT * FROM ""STORIES"" WHERE ""TITLE"" = 'Deepcut case leads'not FOLLOWED [*]''"; SQL statement: SELECT * FROM Stories WHERE title = 'Deepcut case leads'not followed' [42000-152]
    at org.h2.message.DbException.getJdbcSQLException(DbException.java:327)
    at org.h2.message.DbException.get(DbException.java:167)
    at org.h2.message.DbException.get(DbException.java:144)
    at org.h2.message.DbException.getSyntaxError(DbException.java:179)
    at org.h2.command.Parser.getSyntaxError(Parser.java:480)
    at org.h2.command.Parser.prepareCommand(Parser.java:229)
    at org.h2.engine.Session.prepareLocal(Session.java:426)
    at org.h2.engine.Session.prepareCommand(Session.java:374)
    at org.h2.jdbc.JdbcConnection.prepareCommand(JdbcConnection.java:1093)
    at org.h2.jdbc.JdbcPreparedStatement.<init>(JdbcPreparedStatement.java:71)
    at org.h2.jdbc.JdbcConnection.prepareStatement(JdbcConnection.java:601)
    at com.j256.ormlite.jdbc.JdbcDatabaseConnection.compileStatement(JdbcDatabaseConnection.java:83)
    at com.j256.ormlite.stmt.mapped.MappedPreparedStmt.compile(MappedPreparedStmt.java:44)
    at com.j256.ormlite.stmt.StatementExecutor.buildIterator(StatementExecutor.java:169)
    at com.j256.ormlite.stmt.StatementExecutor.query(StatementExecutor.java:119)
    at com.j256.ormlite.dao.BaseDaoImpl.query(BaseDaoImpl.java:189)
I'm confused about what is going wrong. I call the search from these lines:
// get our query builder from the DAO
QueryBuilder<Story, Integer> queryBuilder = StoryDao.queryBuilder();
// the 'title' field must be equal to title (a variable)
queryBuilder.where().eq(Story.TITLE_FIELD_NAME, title);
// prepare our sql statement
PreparedQuery<Story> preparedQuery = queryBuilder.prepare();
// query for all stories that have that title
List<Story> accountList = StoryDao.query(preparedQuery);
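Added example, not part of either question and not ORMLite's own code: both queries above (the like() lookup and the eq() lookup) can pass the user-supplied value through ORMLite's SelectArg, which sends it as a bound `?` parameter instead of splicing it into the SQL text, so quotes in the value need no escaping. The Story entity, the table and column names, and the in-memory H2 URL are assumptions made for this sketch; it expects the ORMLite JDBC and H2 jars on the classpath.

```java
import com.j256.ormlite.dao.Dao;
import com.j256.ormlite.dao.DaoManager;
import com.j256.ormlite.field.DatabaseField;
import com.j256.ormlite.jdbc.JdbcConnectionSource;
import com.j256.ormlite.stmt.SelectArg;
import com.j256.ormlite.support.ConnectionSource;
import com.j256.ormlite.table.DatabaseTable;
import com.j256.ormlite.table.TableUtils;
import java.util.List;

public class SelectArgExample {
    // Hypothetical entity standing in for the Story class from the question.
    @DatabaseTable(tableName = "stories")
    public static class Story {
        @DatabaseField(generatedId = true) int id;
        @DatabaseField(columnName = "title") String title;
        Story() { }                                   // ORMLite requires a no-arg constructor
        Story(String title) { this.title = title; }
    }

    // Exact match: the title travels as a bound parameter, never as SQL text.
    static List<Story> findByTitle(Dao<Story, Integer> dao, String title) throws Exception {
        return dao.query(dao.queryBuilder().where().eq("title", new SelectArg(title)).prepare());
    }

    // LIKE match: quotes are safe once bound, but % and _ inside 'part'
    // still act as LIKE wildcards; binding does not neutralise those.
    static List<Story> findByTitleContaining(Dao<Story, Integer> dao, String part) throws Exception {
        return dao.query(dao.queryBuilder().where().like("title", new SelectArg("%" + part + "%")).prepare());
    }

    public static void main(String[] args) throws Exception {
        // In-memory H2 database, constructed for this example.
        ConnectionSource source = new JdbcConnectionSource("jdbc:h2:mem:selectarg");
        try {
            Dao<Story, Integer> dao = DaoManager.createDao(source, Story.class);
            TableUtils.createTable(source, Story.class);
            // Constructed sample values containing single quotes.
            String title = "Deepcut case leads 'not followed'";
            dao.create(new Story(title));
            dao.create(new Story("about ormlite's escape func"));
            System.out.println("eq matches:   " + findByTitle(dao, title).size());
            System.out.println("like matches: " + findByTitleContaining(dao, "ormlite's escape").size());
        } finally {
            source.close();
        }
    }
}
```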