rawQuery比。 database.query [英] rawQuery Vs. database.query
问题描述
均为其在使用rawQuery在查询生成器(反之亦然)?
Are their any advantages in using rawQuery over the Query Builder (or vice versa)?
请问查询生成器,例如,保护再次SQL注入攻击(虽然不是一个大问题,因为与网站,SQL注入+内容提供者可能是一个问题)?或者是其中一个比另一个更快?
Does the Query Builder, for example, protect again SQL Injection attacks (While not a big a problem as with web sites, SQL Injection + a content provider could be an issue)? or is one faster than the other?
我相当满意的SQL(够我需要做的工作),所以我倾向于去rawQuery(我可以读取源$ C $ C容易),但我只是想知道如果我'中号失去了一些东西,可能是有益的。
I'm fairly happy with SQL (enough for what I need to do anyway) and so I tend to go for rawQuery (I can read the source code easier), but I'm just wondering if I'm missing something that could be useful.
推荐答案
这绝对是preferred建立通过提供的方法查询。它不仅保护您免受SQL注入,它也建立了查询你,让你能避免一大堆的字符串连接的,这将使查询字符串的可读性,更容易出错。性能方面,我不认为它使多大的区别。
It's definitely preferred to build a query through the methods provided. Not only does it protect you from SQL injections, it also builds the query for you so you can avoid having a whole bunch of string concatenations that will make the query string less readable and more error prone. Performance-wise I don't think it makes much difference.
这篇关于rawQuery比。 database.query的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
