Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share

android - Add \ in text where ' is found

I'm making an app which needs to save post details in SQLite, and that post receives user input, like user text.

E/AndroidRuntime: FATAL EXCEPTION: main
Process: pet.adoption.world.solutions, PID: 1500
android.database.sqlite.SQLiteException: near "s": syntax error (Sqlite code 1): , while compiling: INSERT INTO Trading_info_post(NAME , PHONE , EMAIL , TITLE , PUBLISH_DATE,DESCRIPTION , TO_LOCATION , MODE_OF_TRAVEL , AVAILABILITY , DATE_OF_TRAVELING , PLANNED_TIME_COMING_AT_LOCATION , MAP , FROM_LOCATION , PASSING ) VALUES ('19.12.2019 22:00','01.01.2020 15:00','AD','HR,DE','ME','Adoption is a process whereby a person assumes the parenting of another, usually a child, from that person's biological or legal parent or parents. Legal adoptions permanently transfers all rights and responsibilities, along with filiation, from the biological parent or parents. /n In many jurisdictions the adopted person's full original birth certificate is cancelled and replaced with a fabricated post-adoption birth certificate which states that the child was born to the adoptive parents. This deception, when carried out, may continue with the adopted person for life and can be the cause for many well documented traumas experienced by the adopted person, including loss of identity, family history, culture, biological family (including not only biological parents but also siblings and extended family), family medical history and records, and increased risk of suicide, homelessness, incarceration, PTSD, depression, and anxiety. /n Unlike guardianship or other systems designed for the care of the young, adoption is intended to effect a permanent change in status and as such requires societal recognition, either through legal or religious sanction. Historically, some societies have enacted specific laws governing adoption; where others have tried to achieve adoption through less formal means, notably via contracts that specified inheritance rights and parental responsibilities without an accompanying transfer of filiation. 
Modern systems of adoption, arising in the 20th century, tend to be governed by comprehensive statutes and regulations.','[email protected]','available','MNE - USA','11.11.2019','https://drive.google.com/open?id=1Tbutp40nzFMZE12Nzhqm1VMrceM13cBj&usp=sharing','with car','Igor Lerinc','+38267395564');, (OS error - 2:No such file or directory)
    at android.database.sqlite.SQLiteConnection.nativePrepareStatement(Native Method)
    at android.database.sqlite.SQLiteConnection.acquirePreparedStatement(SQLiteConnection.java:906)
    at android.database.sqlite.SQLiteConnection.prepare(SQLiteConnection.java:517)
    at android.database.sqlite.SQLiteSession.prepare(SQLiteSession.java:588)
    at android.database.sqlite.SQLiteProgram.<init>(SQLiteProgram.java:63)
    at android.database.sqlite.SQLiteStatement.<init>(SQLiteStatement.java:31)
    at android.database.sqlite.SQLiteDatabase.executeSql(SQLiteDatabase.java:1763)
    at android.database.sqlite.SQLiteDatabase.execSQL(SQLiteDatabase.java:1689)
    at pet.adoption.world.solutions.Database.Database.savePost_trading_info(Database.java:101)
    at pet.adoption.world.solutions.Trading_info_posts_details$1$4.onClick(Trading_info_posts_details.java:207)
    at android.view.View.performClick(View.java:5338)
    at android.view.View$PerformClick.run(View.java:21539)
    at android.os.Handler.handleCallback(Handler.java:819)
    at android.os.Handler.dispatchMessage(Handler.java:104)
    at android.os.Looper.loop(Looper.java:210)
    at android.app.ActivityThread.main(ActivityThread.java:5982)
    at java.lang.reflect.Method.invoke(Native Method)
    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:852)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:742)

With SQLite I get an exception when the query tries to put text in the database because, as I found out in this answer, it throws an exception because there is a ', so SQL thinks it is the end of the statement, so \ needs to be added in front of the ' sign to prevent the error.

How do I add \ in front of ' when the code detects a ' sign?

So, when the user clicks the "Submit" button to submit their post, it can look up whether there is a ' sign, so as to put \' .

I also tried text without ' and SQL worked fine.


  ask by Igor Lerinc translate from so


1 Reply


You should be using a PreparedStatement in your code to sanitize input types before entering the query rather than what appears to be plain string concatenation.


Otherwise, you could try URLEncoder.encode(data)


Single quotes are not your only issue, though, as a user could add something like '); DROP TABLE Trading_info_post; and clear out the app
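The parameterized insert the answer recommends, written with Android's own SQLite classes (SQLiteStatement and ContentValues) as an added example; it is not code from the original post or answer. The class name TradingPostWriter and its method signatures are hypothetical, the table and column names come from the error message in the question, and only five of the table's columns are shown (the rest bind the same way).

```java
import android.content.ContentValues;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteStatement;

/** Hypothetical helper; table and column names are taken from the error message in the question. */
public final class TradingPostWriter {

    private static final String TABLE = "Trading_info_post";

    private TradingPostWriter() {}

    // Pattern that produces the crash in the question: user text is pasted into the SQL
    // string, so the ' in "person's" closes the string literal early.
    //   db.execSQL("INSERT INTO " + TABLE + "(NAME, DESCRIPTION) VALUES ('"
    //           + name + "','" + description + "');");

    /** Option 1: compiled statement with ? placeholders; bound values are never parsed as SQL. */
    public static long insertWithStatement(SQLiteDatabase db, String name, String phone,
                                           String email, String title, String description) {
        SQLiteStatement stmt = db.compileStatement(
                "INSERT INTO " + TABLE
                        + " (NAME, PHONE, EMAIL, TITLE, DESCRIPTION) VALUES (?, ?, ?, ?, ?)");
        try {
            // bindString rejects null; use bindNull(index) for optional fields.
            stmt.bindString(1, name);
            stmt.bindString(2, phone);
            stmt.bindString(3, email);
            stmt.bindString(4, title);
            stmt.bindString(5, description); // may contain ', ; or "'); DROP TABLE ..."
            return stmt.executeInsert();     // row id of the new row, or -1 on failure
        } finally {
            stmt.close();
        }
    }

    /** Option 2: ContentValues; SQLiteDatabase builds the parameterized INSERT itself. */
    public static long insertWithContentValues(SQLiteDatabase db, String name, String phone,
                                               String email, String title, String description) {
        ContentValues values = new ContentValues();
        values.put("NAME", name);
        values.put("PHONE", phone);
        values.put("EMAIL", email);
        values.put("TITLE", title);
        values.put("DESCRIPTION", description);
        return db.insertOrThrow(TABLE, null, values); // throws SQLException instead of returning -1
    }
}
```

With either method the description is stored byte for byte as the user typed it, so no backslash or other escaping step is needed before the insert.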

