使用db.query()进行JOIN而不是rawquery()的Android SQLite [英] Android SQLite using db.query() for JOIN instead of rawquery()
问题描述
我有tableA,tableB和tableC 表A和表B通过tableA.Id(PK)= tableB.tableAId(FK)连接在一起 表B和表C通过tableB.Id(PK)= tableC.tableBId(FK)相连
I have tableA, tableB, and tableC table A and tableB are joined by tableA.Id(PK) = tableB.tableAId(FK) table B and tableC are joined by tableB.Id(PK) = tableC.tableBId(FK)
我希望能够做到这一点:
I want to be able to do this:
SELECT c.ALL from tableC c
INNER JOIN tableB b on c.tableBId = b.Id
INNER JOIN tableA a on b.tableAId = a.Id
WHERE a.Id = 108
我在网上发现了许多使用db.rawquery()来实现此查询的帖子.但是我也听说过rawquery()的安全性不如query().因此,为了寻求初学者的最佳实践,我的问题是:
I have found a lot of posts on the web which uses db.rawquery() to implement this query. However I have also heard that rawquery() is less secure than query(). So for the sake of seeking best practice as a beginner, my question is:
有没有一种方法可以使用db.query()而不是db.rawquery()来实现此查询?
Is there a way to implement this query using db.query() instead of db.rawquery()?
提前谢谢.
推荐答案
有没有一种方法可以使用db.query()代替此实现 db.rawquery()?
Is there a way to implement this query using db.query() instead of db.rawquery()?
因此,值得一提的是rawQuery()有助益.但是还存在另一种方法.
So it's worth to say that rawQuery() makes a trick. But also exists another approach.
query()方法设计用于对一张表执行查询. 但是,在SQLite中如何JOIN表的最佳方法是使用
query() method is designed for performing queries over one table. But the best way how to JOIN tables in SQLite is to use SQLiteQueryBuilder and with setTables() method you are able to join.
因此,我建议您使用提到的 SQLiteQueryBuilder .但这与rawQuery()方法相比要复杂得多,在该方法中,您只需要分配raw语句即可.
Hence i recommend you to use mentioned SQLiteQueryBuilder. But it's little more complicated against rawQuery() method where you need to assign only raw statement.
如果不知道如何开始,请查看以下示例:
If don't know how to start, check this example:
rawQuery()的安全性低于query()的事实,因为query()方法使用的预编译语句比原始"语句安全.但是,您始终可以(应该)使用占位符,因为对于SQL注入的主要保护作用以及声明也变得更易于理解,因此可以显着提高声明的安全性.
Is the fact that rawQuery() is less secure than query() because query() method uses precompiled statements which are safer than "raw" statements. But always you can(should) use placeholders which significantly increase safety of statement as main protection against SQL injections and statement becomes much more human-readable as well.
这篇关于使用db.query()进行JOIN而不是rawquery()的Android SQLite的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
