stackoom
  简体   繁体   中英

Sqlite verify if value of column exists

 原文  2013-03-23 16:04:06       android/ sqlite/ select/ cursor

Question

i'm wondering if this method is right to verify if the value of _username already exists in the column "username" 

public boolean verification(String _username) throws SQLException{
    Cursor c = dataBase.rawQuery("SELECT * FROM "+TABLE_NAME+" WHERE "+KEY_USERNAME+"="+_username, null);
    if (c!=null)
        return true; // return true if the value of _username already exists
    return false; // Return false if _username doesn't match with any value of the columns "Username"
}

Is there a better way to do the same thing, i'm really not sure about this, it seemed right for me. Thanks.

2 answers

solution1
 6  2013-03-23 16:13:51

Beware of SQL injection attacks ! You should always use a parameterized query: 

Cursor c = dataBase.rawQuery("SELECT 1 FROM "+TABLE_NAME+" WHERE "+KEY_USERNAME+"=?", new String[] {_username});

(Honestly I'm not sure how your first query didn't throw an exception since you forgot to wrap the string in quotes...)

Also rawQuery() will always return a Cursor, you must check if the Cursor is empty , not null .

As for "the best" approach, this works fine, but I recommend closing the Cursor to free up resources. All together: 

public boolean verification(String _username) {
    Cursor c = dataBase.rawQuery("SELECT 1 FROM "+TABLE_NAME+" WHERE "+KEY_USERNAME+"=?", new String[] {_username});
    boolean exists = c.moveToFirst();
    c.close();
    return exists;
}

solution2
 2 ACCPTED  2013-03-23 16:14:20

Is there a better way to do the same thing, i'm really not sure about this, it seemed right for me. Thanks.

In the terms of security and purity yes, for sure. 

public boolean verification(String _username) throws SQLException {
    int count = -1;
    Cursor c = null; 
    try {
       String query = "SELECT COUNT(*) FROM " 
                   + TABLE_NAME + " WHERE " + KEY_USERNAME + " = ?"
       c = dataBase.rawQuery(query, new String[] {_username});
       if (c.moveToFirst()) {
          count = c.getInt(0);
       }
       return count > 0;
    }
    finally {
       if (c != null) {
          c.close();
       }
    }
}

I recommend you to an usage of ? that is called placeholder . Each placeholder will be replaced with value from string array in the same order. This is called also parametrized statement as a defence agains SQL injection. When your work with Cursor is finished, release it.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Android SQLite column value does not exists issue How to verify the account name exists or not in SQLite AS SQLite "No such column" when column exists Android Sqlite Column Exists but returned -1 Android SQLite check if value exists Android SQLite Error “no such column”, but column exists Android SQLite can't find column that exists Change a value in a column in sqlite Limiting a value of a column in sqlite Check if value exist in SQLite. If it exists, alert the user that the value exists
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM