Code in android (databases)


Question

what is useful(benefit) of slash in this code?!

    db.execSQL(" DELETE FROM " + "TABLE_PRODUCTS" + " WHERE " + COLUMN_PRODUCTNAME + "=\"" + ProductName + "\";");

Solution


The slash is the Java character escape: it means that the following character is special, and should not have its normal meaning. In this case \" says 'insert a double quote in the string instead of terminating the string'
    "A\"B\"C"

Would give you a string containing

    A"B"C


There are several "special" codes in Java:

    \b   Backspace
    \f   Form feed
    \n   Newline
    \t   Tab
    \r   Carriage return
    \"   Double quote
    \\   Backslash





But please, do yourself a favour and don't do it like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attacks which can destroy your entire database. Use parameterized queries instead.
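The concatenated statement from the question placed next to its parameterized replacement, as an added example (not code from the question or the answer). The table and column values, the class name and the wrapping of the Android SQLiteDatabase handle are assumptions for illustration.

```java
import android.database.sqlite.SQLiteDatabase;

// Hypothetical DAO wrapping an Android SQLiteDatabase handle.
public final class ProductDao {
    // Assumed values for the constants named in the question.
    private static final String TABLE_PRODUCTS = "products";
    private static final String COLUMN_PRODUCTNAME = "product_name";

    private final SQLiteDatabase db;

    public ProductDao(SQLiteDatabase db) {
        this.db = db;
    }

    // The pattern from the question. The escaped \" only closes the Java
    // literal correctly; it does nothing to protect the SQL. A product name
    // that itself contains a double quote ends the SQL string early, so the
    // rest of the name is parsed as SQL and the WHERE clause no longer means
    // what the caller intended.
    public void deleteByNameUnsafe(String productName) {
        db.execSQL("DELETE FROM " + TABLE_PRODUCTS + " WHERE "
                + COLUMN_PRODUCTNAME + "=\"" + productName + "\";");
    }

    // Parameterized form: the SQL text is fixed at compile time and the value
    // is handed to SQLite as a bind argument, so quotes in productName are
    // data, never syntax.
    public void deleteByName(String productName) {
        db.execSQL("DELETE FROM " + TABLE_PRODUCTS
                + " WHERE " + COLUMN_PRODUCTNAME + " = ?",
                new Object[] { productName });
    }

    // Same thing through the Android helper; it builds the statement with a
    // bound argument for you and returns the number of rows deleted.
    public int deleteByNameWithHelper(String productName) {
        return db.delete(TABLE_PRODUCTS,
                COLUMN_PRODUCTNAME + " = ?",
                new String[] { productName });
    }
}
```

One more reason to avoid the quoted form: SQLite treats a double-quoted token as an identifier first and only falls back to a string literal, so a value that happens to match a column name would be compared against that column rather than against the text.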

