android中的代码(数据库) [英] Code in android (databases)
问题描述
此代码中斜杠的有用(好处)是什么?! db.execSQL(DELETE FROM+TABLE_PRODUCTS+WHERE+ COLUMN_PRODUCTNAME += \+ ProductName +\;);
我尝试过:
此代码中斜杠的有用(好处)是什么?! db.execSQL(DELETE FROM+TABLE_PRODUCTS+WHERE+ COLUMN_PRODUCTNAME += \+ ProductName +\;);
what is useful(benefit) of slash in this code?! "db.execSQL(" DELETE FROM " + "TABLE_PRODUCTS" + "WHERE " + COLUMN_PRODUCTNAME + "=\"" + ProductName + "\";");"
What I have tried:
what is useful(benefit) of slash in this code?! "db.execSQL(" DELETE FROM " + "TABLE_PRODUCTS" + "WHERE " + COLUMN_PRODUCTNAME + "=\"" + ProductName + "\";");"
推荐答案
斜杠是Java字符转义:它表示以下字符是特殊的,不应该具有正常含义。在这种情况下\说'在字符串中插入双引号而不是终止字符串'
The slash is the Java character escape: it means that the following character is special, and should not have it's normal meaning. In this case \" says 'insert a double quote in the string instead of terminating the string'
"A\"B\"C"
会给你一个字符串包含
Would give you a string containing
A"B"C
Java中有几个特殊代码:
There are several "special" codes in Java:
\b Backspace
\f Form feed
\n Newline
\t Tab
\r Carriage return
\" Double quote
\\ Backslash
但是,请帮个忙,不要这样做那!永远不要连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度,这可能会破坏您的整个数据库。请改用参数化查询。
But please, do yourself a favour and don't do it like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
这篇关于android中的代码(数据库)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!