错误示例（存在 SQL 注入漏洞：用户输入被直接拼接进 SQL 语句文本，攻击者可以改写查询本身）:
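// VULNERABLE (kept on purpose as the "wrong" example): the caller-supplied
// "userID" is concatenated straight into the SQL text, so a value such as
//   1 OR 1=1
// changes the query itself rather than the compared value — SQL injection (CWE-89).
// compileStatement() gives no protection here: the attacker's input is already
// part of the SQL string by the time the statement is compiled.
SQLiteDatabase db = dbHelper.getWritableDatabase(); // SQLiteOpenHelper has getWritableDatabase(), not getWriteableDatabase()
String userQuery = "SELECT lastName FROM useraccounts WHERE userID = "
        + request.getParameter("userID"); // untrusted input becomes SQL text
SQLiteStatement prepStatement = db.compileStatement(userQuery);
String userLastname = prepStatement.simpleQueryForString(); // throws SQLiteDoneException when no row matches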
推荐做法（参数化查询：SQL 文本保持为常量，用户输入只作为绑定参数传入，永远不会被当作 SQL 解析）:
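// SAFE: the SQL text is a constant; the untrusted value is passed as a bound
// parameter, so SQLite only ever treats it as data and it cannot alter the query.
SQLiteDatabase db = dbHelper.getWritableDatabase(); // SQLiteOpenHelper has getWritableDatabase(), not getWriteableDatabase()
String userQuery = "SELECT lastName FROM useraccounts WHERE userID = ?";
String userId = request.getParameter("userID");
// bindString() rejects null with IllegalArgumentException, so a missing parameter
// must be handled before binding. Parameter binding stops injection but does not
// validate the value — add a format check (e.g. numeric id) appropriate to the schema.
if (userId == null) {
    throw new IllegalArgumentException("userID parameter is required");
}
String userLastname;
SQLiteStatement prepStatement = db.compileStatement(userQuery);
try {
    prepStatement.bindString(1, userId); // bind indexes are 1-based
    // simpleQueryForString() throws SQLiteDoneException when the query returns
    // no rows; callers for whom "unknown user" is a normal case must catch it.
    userLastname = prepStatement.simpleQueryForString();
} finally {
    prepStatement.close(); // release the compiled statement even if binding/query throws
}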