是什么目的"的String [] whereArgs"在" INT删除(字符串表,字符串whereClause,字符串[] whereArgs)QUOT;功能? [英] What is the purpose of "String[] whereArgs" in "int delete (String table, String whereClause, String[] whereArgs)" function?
问题描述
的String [] whereArgs也是美元SQLiteDatabase类的更新函数p $ psent,这是什么?描述我读过的文档,但没有得到它,请帮助。
在此先感谢!
String[] whereArgs also present in update function of SQLiteDatabase class, what does it depicts?? I've read the documentation but not getting it,Please help. Thanks in Advance !!
推荐答案
<一个href=\"http://developer.android.com/reference/android/database/sqlite/SQLiteDatabase.html#delete%28java.lang.String,%20java.lang.String,%20java.lang.String%5b%5d%29\"相对=nofollow>作为文档说,它是用于
在您的查询字符串标记。例如,您可以使用此:
As the documentation says, it's used for ?
markers in your query string. For example, you might use this:
SQLiteDatabase.delete("users", "user_name = ?", new String[] {"Talib"});
该参数标记的使用是为了避免 SQL注入非常重要的。例如,
SQLiteDatabase.delete("users", "user_name = ?", new String[] {"' OR '' = '"});
不会删除你的表中的所有行,但如果你天真地做
will not delete all rows of your table, but if you naively did
SQLiteDatabase.delete("users", "user_name = '" + userName + "'");
和的userName
设置为'或''='
,那的确会核弹攻击你的整个表
and userName
was set to "' OR '' = '"
, that would indeed nuke your whole table.
这篇关于是什么目的&QUOT;的String [] whereArgs&QUOT;在&QUOT; INT删除(字符串表,字符串whereClause,字符串[] whereArgs)QUOT;功能?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!