SQLiteDatabase.query method

tableColumns

  • null for all columns as in SELECT * FROM ...
  • new String[] { "column1", "column2", ... } for specific columns as in SELECT column1, column2 FROM ... – you can also put complex expressions here:
    new String[] { "(SELECT max(column1) FROM table1) AS max" } would give you a column named max holding the max value of column1

whereClause

  • the part you put after WHERE without that keyword, e.g. "column1 > 5"
  • should include ? for things that are dynamic, e.g. "column1=?" -> see whereArgs

whereArgs

  • specify the content that fills each ? in whereClause in the order they appear

the others

  • just like whereClause the statement after the keyword or null if you don’t use it.

Example

String[] tableColumns = new String[] {
    "column1",
    "(SELECT max(column1) FROM table2) AS max"
};
String whereClause = "column1 = ? OR column1 = ?";
String[] whereArgs = new String[] {
    "value1",
    "value2"
};
String orderBy = "column1";
Cursor c = sqLiteDatabase.query("table1", tableColumns, whereClause, whereArgs,
        null, null, orderBy);

// since we have a named column we can do
int idx = c.getColumnIndex("max");

is equivalent to the following raw query

String queryString =
    "SELECT column1, (SELECT max(column1) FROM table1) AS max FROM table1 " +
    "WHERE column1 = ? OR column1 = ? ORDER BY column1";
sqLiteDatabase.rawQuery(queryString, whereArgs);

By using the Where/Bind -Args version you get automatically escaped values and you don’t have to worry if input-data contains '.

Unsafe: String whereClause = "column1='" + value + "'";
Safe: String whereClause = "column1=?";

because if value contains a ' your statement either breaks and you get exceptions or does unintended things, for example value = "XYZ'; DROP TABLE table1;--" might even drop your table since the statement would become two statements and a comment:

SELECT * FROM table1 where column1='XYZ'; DROP TABLE table1;--'

using the args version XYZ'; DROP TABLE table1;-- would be escaped to 'XYZ''; DROP TABLE table1;--' and would only be treated as a value. Even if the ' is not intended to do bad things it is still quite common that people have it in their names or use it in texts, filenames, passwords etc. So always use the args version. (It is okay to build int and other primitives directly into whereClause though)

Related Posts:

  1. What is difference between SQLite and SQL
  2. ‘App not Installed’ Error on Android
  3. ‘App not Installed’ Error on Android
  4. Draw a transparent circle onto a filled android canvas
  5. Can’t start Eclipse – Java was started but returned exit code=13
  6. google console error `OR-IEH-01`
  7. Unity remote 5 not working
  8. Error: No toolchains found in the NDK toolchains folder for ABI with prefix: llvm
  9. How to display Toast in Android?
  10. ‘adb’ is not recognized as an internal or external command, operable program or batch file
  11. Flutter pageview : Find first and last page and swipe directions
  12. Enable VT-x in your BIOS security settings (refer to documentation for your computer)
  13. NetworkType.UNMETERED vs NetworkType.METERED – PeriodicWork
  14. Find all Bluetooth devices (headsets, phones etc) nearby, without forcing the devices in discoverable mode
  15. “Default Activity Not Found” on Android Studio upgrade
  16. How to install APK from PC?
  17. how to overcome Android Studio cannot resolve symbol for android classes
  18. ADB Android Device Unauthorized
  19. Why fragments, and when to use fragments instead of activities?
  20. What is the meaning of Log.i()
  21. How to recompile with -Xlint:deprecation
  22. Execution failed app:processDebugResources Android Studio
  23. How can I use adb over WiFi?
  24. Android Emulator Error Message: “PANIC: Missing emulator engine program for ‘x86’ CPUS.”
  25. How to convert int to Integer
  26. Facebook login NullPointerException
  27. “Failed to install the following Android SDK packages as some licences have not been accepted” error
  28. How to use ScrollView in Android?
  29. What is com.google.android.gms.persistent and why is it always using the CPU?
  30. IllegalStateException: Can not perform this action after onSaveInstanceState with ViewPager
  31. How to create a Custom Dialog box in android?
  32. Parcelable encountered IOException writing serializable object getactivity()
  33. Unfortunately Launcher3 has stopped working error in android studio?
  34. onActivityResult() not called
  35. “com.example is restricted” when uploading APK to Play Store
  36. How do we use runOnUiThread in Android?
  37. Android basics: running code in the UI thread
  38. Error getGoogleAppId failed with status: 10 Android KitKat – GCM and Google Drive
  39. Error:Execution failed for task ‘:app:transformClassesWithDexForDebug’
  40. Horizontal ListView in Android?
  41. How do you change the launcher logo of an app in Android Studio?
  42. “Bitmap too large to be uploaded into a texture”
  43. How to add .gif Animation in unity Scene ? Does Unity support Animated GIFS?
  44. How do you close/hide the Android soft keyboard programmatically?
  45. Rotating a view in Android
  46. How to customize a Spinner in Android
  47. Android error “unable to find explicit activity class”
  48. Can not resolve method ‘findViewById(int)’
  49. Cannot resolve symbol ‘context’
  50. Dialog throwing “Unable to add window — token null is not for an application” with getApplication() as context
  51. How to get current time and date in Android
  52. Mipmaps vs. drawable folders
  53. Gradle DSL method not found: ‘compile()’
  54. How to implement onBackPressed() in Fragments?
  55. Does anyone know the what’s causing “Package name is not a valid package name” when adding a new layout?
  56. how to use getSharedPreferences in android
  57. What is the meaning of android.intent.action.MAIN?
  58. Set transparent background of an imageview on Android
  59. How to completely uninstall Android Studio from windows(v10)?
  60. Play sound on button click android
  61. How to make the corners of a button round?
  62. Disable back button in android
  63. How to clear gradle cache?
  64. Converting pixels to dp
  65. ADB error: cannot connect to daemon
  66. How do I download the Android SDK without downloading Android Studio?
  67. Error:com.android.tools.aapt2.Aapt2Exception: AAPT2 error: check logs for details
  68. ClassLoader referenced unknown path: /data/app/
  69. Unknown URL content://downloads/my_downloads
  70. android edittext onchange listener
  71. Difference between getContext() , getApplicationContext() , getBaseContext() and “this”
  72. Determining translationX/Y values for ObjectAnimator; how to move a view to an exact screen position?
  73. adb socket not working and daemon
  74. React Native: JAVA_HOME is not set and no ‘java’ command could be found in your PATH
  75. Installation error: INSTALL_FAILED_OLDER_SDK
  76. Unable to load script from assets index.android.bundle on windows
  77. Android getText from EditText field
  78. Default FirebaseApp is not initialized
  79. How can I create simple accordion with Angular 2?
  80. Error: Could not automatically detect an ADB binary. Some emulator functionality will not work until a custom path to ADB is added in the extended…
  81. How to make layout with rounded corners..?
  82. Warning: Do not place Android context classes in static fields; this is a memory leak (and also breaks Instant Run)
  83. How to solve failed to find build tools revision 26.0.2?
  84. Why is the Android emulator screen blank?
  85. How do I “select Android SDK” in Android Studio?
  86. Reverse engineering from an APK file to a project
  87. Exception ‘open failed: EACCES (Permission denied)’ on Android
  88. How to disable Instant Run for Android Studio 3.0
  89. I can’t find adb_usb.ini file in .android folder?
  90. Android; Check if file exists without creating a new one
  91. What is Activity.finish() method doing exactly?
  92. How to open adb and use it to send commands
  93. Unable to add window — token null is not valid; is your activity running?
  94. How to remove title bar from the android activity?
  95. How to determine the version of Gradle?
  96. Android studio- “SDK tools directory is missing”
  97. Call requires permissions that may be rejected by user
  98. sendUserActionEvent() is null
  99. SDK Location not found in android studio
  100. Android app unable to start activity componentinfo

Leave a Comment