以插入数据为例,有三种方法:
1)直接拼接SQL语句,执行execSQL方法;
2)借用ContentValues进行插入;
3)使用compileStatement进行插入;
1)直接拼接SQL语句,执行execSQL方法
String sql = "create table msgTable(uid INTEGER NOT NULL, msg TEXT NOT NULL)";
db.execSQL(sql);
缺点:存在SQL注入危险;
源码分析:
execSQL 调用关系如下:
public void execSQL(String sql) throws SQLException {
executeSql(sql, null);
}
public void execSQL(String sql, Object[] bindArgs) throws SQLException {
if (bindArgs == null) {
throw new IllegalArgumentException("Empty bindArgs");
}
executeSql(sql, bindArgs);
}
private int executeSql(String sql, Object[] bindArgs) throws SQLException {
if (DatabaseUtils.getSqlStatementType(sql) == DatabaseUtils.ST