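// Search term typed by the user; treat it as untrusted input.
String tiaojian = editText.getText().toString();
// NOTE(review): this logs the raw search term at error level; consider
// lowering the level or removing the call before release.
Log.e("tiaojian", tiaojian + "");

// The term is bound through a "?" placeholder instead of being concatenated
// into the statement, so a quote in the input cannot change the SQL.
// The % wildcards are part of the bound value, not of the SQL text.
// A % or _ typed by the user still acts as a LIKE wildcard.
String sql = "select * from shangpin where c_name like ?";
String[] selectionArgs = {"%" + tiaojian + "%"};

// The earlier multi-column attempt (kept below) does not compile: Java joins
// strings with '+', not '&'. It also uses typographic quotes (’) where SQL
// needs plain single quotes. With placeholders it needs one "?" and one
// bound value per column:
//   "select * from shangpin where c_name like ? and c_spell like ? and c_gcode like ?"
// String sql5="select*from shangpin where c_name like ’%"& tiaojian &"%’and c_spell like’%"& tiaojian &"%’and c_gcode like’%"& tiaojian &"%’" ;

Cursor c_test1 = database.rawQuery(sql, selectionArgs);
try {
    // Column positions do not change between rows, so look them up once.
    int nameIdx = c_test1.getColumnIndex("c_name");
    int priceIdx = c_test1.getColumnIndex("c_price");
    int mPriceIdx = c_test1.getColumnIndex("c_m_price");
    int disPriceIdx = c_test1.getColumnIndex("c_dis_price");

    while (c_test1.moveToNext()) {
        ShangPinBean chaXunDaoShangPin = new ShangPinBean();
        chaXunDaoShangPin.setC_name(c_test1.getString(nameIdx));
        chaXunDaoShangPin.setC_price(c_test1.getString(priceIdx));
        chaXunDaoShangPin.setC_m_price(c_test1.getString(mPriceIdx));
        chaXunDaoShangPin.setC_dis_price(c_test1.getString(disPriceIdx));
        chaXunShangPinList.add(chaXunDaoShangPin);
    }
} finally {
    // Release the cursor even if reading a row throws.
    c_test1.close();
}

// Build and attach the adapter once, after all rows are collected, instead
// of once per row. It is now also attached when the query matches nothing.
myAdapter = new MyAdapter(getActivity(), getActivity(), chaXunShangPinList, mListView);
mListView.setAdapter(myAdapter);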
被注释掉的那段代码总是报错!!!
select * from shangpin where c_name like '%tiaojian%' and c_spell like '%tiaojian2%' and c_gcode like '%tiaojian3%'
SQL 拼接容易造成 SQL 注入,建议通过参数绑定的方式传入(使用 ? 占位符时,% 通配符要写在绑定的参数值里,而不是写在 SQL 语句中);
举个简单的例子:
// Parameterized LIKE query: the statement text is fixed and the search value
// is passed separately as a bound argument.
String keyword = "condition"; // sample value; stands in for the real search term
// The % wildcards are attached to the bound value, never to the SQL text.
String[] condition = new String[] {"%" + keyword + "%"};
String sql = "select*from shangpin where c_name like ? ";
// rawQuery binds condition[0] to the single "?" placeholder.
Cursor c_res = database.rawQuery(sql, condition);