SELECT WHERE sql查询
问题描述:
我试图在现有数据库中匹配用户名和密码,并且在写入SQL查询时被困在那一点。SELECT WHERE sql查询
String selectQuery = "SELECT * FROM "+ TABLE_NAME +" WHERE "+COLUMN_USERNAME + " = '"+usrname+"' AND "+COLUMN_PASSWD+" = '"+passwd+"' ";
//COLUMN_USERNAME is the column name which stores username COLUMN_PASSWD is column storing password
Cursor cursor = database.rawQuery(selectQuery, null);
你可以尝试使用AccountManager一流为宗旨:
Cursor cursor = db.rawQuery("Select " + dbh.name + dbh.pass
+ " from tablename where" +dbh.name +"="+ e1.getText().toString()+";", null);
答
您可以使用的东西如下,但强烈建议不要这么做。有些问题涉及如何存储用户名和密码。你应该结帐以下主题:
1)Android: Storing username and password?
2)Is it safe to store username + passwords in a local SQLite db in Android?
希望这有助于。
+0
感谢你的建议 – 2013-05-04 09:26:34
答
编辑您的代码如下:
Cursor cursor = db.rawQuery("Select " + dbh.name + dbh.pass
+ " from tablename where " +dbh.name +"='"+ e1.getText().toString()+"'", null);
答
dbh.name + dbh.pass意味着什么?这是不同的列吗?如果是,那么你必须通过这两个列名用逗号一样,
dbh.name +","+ dbh.pass
,并触发select查询一样,
SELECT "+ dbh.name+","+dbh.pass +" FROM TABLE_NAME WHERE dbh.name=?", new String [] { e1.getText().toString() });
希望这将解决您的问题:)
这将导致SQL注入。 – 2013-05-04 07:38:43
好吧为你祈祷 – Freak 2013-05-04 07:38:56