是什么目的＆QUOT;的String [] whereArgs＆QUOT;在＆QUOT; INT删除（字符串表，字符串whereClause，字符串[] whereArgs）QUOT;功能？ [英] What is the purpose of "String[] whereArgs" in "int delete (String table, String whereClause, String[] whereArgs)" function?

问题描述

的String [] whereArgs也是美元SQLiteDatabase类的更新函数p $ psent，这是什么？描述我读过的文档，但没有得到它，请帮助。
在此先感谢！

String[] whereArgs also present in update function of SQLiteDatabase class, what does it depicts?? I've read the documentation but not getting it,Please help. Thanks in Advance !!

推荐答案

<一个href=\"http://developer.android.com/reference/android/database/sqlite/SQLiteDatabase.html#delete%28java.lang.String,%20java.lang.String,%20java.lang.String%5b%5d%29\"相对=nofollow>作为文档说，它是用于 在您的查询字符串标记。例如，您可以使用此：

As the documentation says, it's used for ? markers in your query string. For example, you might use this:

SQLiteDatabase.delete("users", "user_name = ?", new String[] {"Talib"});

该参数标记的使用是为了避免 SQL注入非常重要的。例如，

SQLiteDatabase.delete("users", "user_name = ?", new String[] {"' OR '' = '"});

不会删除你的表中的所有行，但如果你天真地做

will not delete all rows of your table, but if you naively did

SQLiteDatabase.delete("users", "user_name = '" + userName + "'");

和的userName 设置为'或''='，那的确会核弹攻击你的整个表

and userName was set to "' OR '' = '", that would indeed nuke your whole table.

这篇关于是什么目的＆QUOT;的String [] whereArgs＆QUOT;在＆QUOT; INT删除（字符串表，字符串whereClause，字符串[] whereArgs）QUOT;功能？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！