Android SQLiteException:绑定或列索引超出范围问题

| 在android中,我正在使用以下语句。
model = dataHelper.rawQuery(\"SELECT _id, engword, lower(engword) as letter FROM word WHERE letter >= \'a\' AND letter < \'{\' AND engword LIKE \'%\" + filterText + \"%\'\", new String[ {\"_id\",\"engword\", \"lower(engword) as letter\"});
android.database.sqlite.SQLiteException: bind or column index out of range: handle 0x132330
我的代码有什么问题?
已邀请:
正确的声明是:
model = dataHelper.rawQuery(\"
    SELECT _id, engword, lower(engword) as letter
    FROM word W
    HERE letter >= \'a\'
    AND letter < \'{\'
    AND engword LIKE ? ORDER BY engword ASC
    \",
    new String[] {\"%\" + filterText + \"%\"}
);
您提供了3个参数,但查询中没有“ 3”。将null而不是字符串数组作为第二个参数传递给
rawQuery
,或将所选字符串中的select5ѭ,
engword
lower(engword) as letter
替换为
?
1)
model = dataHelper.rawQuery(\"SELECT ?, ?, ? FROM word WHERE letter >= \'a\' AND letter < \'{\' AND engword LIKE \'%\" + filterText + \"%\'\",new String[] {\"_id\",\"engword\", \"lower(engword) as letter\"});
2)
model = dataHelper.rawQuery(\"SELECT _id, engword, lower(engword) as letter FROM word WHERE letter >= \'a\' AND letter < \'{\' AND engword LIKE \'%\" + filterText + \"%\'\", null);
编辑: 正如@Ewoks指出的那样,选项(1)是不正确的,因为准备好的语句只能在WHERE子句中获取参数(?s)。
如果有人像我一样尝试(并失败)使它与
getContentResolver().query
一起工作,那么我将如何管理它: *由于@CL和@Wolfram Rittmeyer的评论而更新,因为他们说这与rawQuery相同* 正确方法:
  public static String SELECTION_LIKE_EMP_NAME = Columns.EMPLOYEE_NAME
            + \" like ?\";            

  Cursor c = context.getContentResolver().query(contentUri,
                PROJECTION, SELECTION_LIKE_EMP_NAME, new String[] { \"%\" + query + \"%\" }, null);
先前对SQL注入攻击开放的答案:
public static String SELECTION_LIKE_EMP_NAME = Columns.EMPLOYEE_NAME
            + \" like \'%?%\'\";

String selection = SELECTION_LIKE_EMP_NAME.replace(\"?\", query);

Cursor c = context.getContentResolver().query(contentUri,
            PROJECTION, selection, null, null);

要回复问题请先登录注册