Android SQLITE does not execute queries with arguments

Question

I fail queries with arguments, What am I doing wrong?

I need the following query:

cursor = bd.rawQuery("SELECT * FROM user WHERE user.name=?", new String[]{"%"+nombre+"%"});

I tried the following and they also fail:

cursor = bd.rawQuery("SELECT * FROM user WHERE name=?", new String[]{"%"+nombre+"%"});

cursor = bd.rawQuery("SELECT * FROM user WHERE user.name=?", new String[]{nombre});

This works:

cursor = bd.rawQuery("SELECT * FROM user ", null);

Thanks for your help

It looks as though you want to use `LIKE` instead of `=`. – Mike M. Apr 06 '17 at 11:08 — Mike M., Apr 06 '17 at 11:08

score 0 · Answer 1 · edited May 23 '17 at 12:02

As Mike said in your comments cursor = bd.rawQuery("SELECT * FROM user WHERE name LIKE ? ", new String[]{"%" + nombre + "%"});

or if you really wanna use like this:

cursor = bd.rawQuery("SELECT * FROM user ", null); where second parameter is null.

use escaped string instead:

cursor = bd.rawQuery("SELECT * FROM user WHERE name LIKE '%" + nombre.replaceAll("'","''") + "%' ", null );

or use GLOB like here described.

score -1 · Accepted Answer · answered Apr 06 '17 at 12:03

Please try this, List out users with name foo.

cursor = bd.rawQuery("SELECT * FROM user WHERE name = ?", new String[] {"foo"});

OR

cursor = bd.rawQuery("SELECT * FROM user WHERE name LIKE ?", new String[] {"foo"});

SQLiteDatabase rawQuery document reference

score -3 · Answer 3 · answered Apr 06 '17 at 11:10

-3

try this

cursor = bd.rawQuery("SELECT * FROM user WHERE name= '%"+ nombre + "%'", null);

answered Apr 06 '17 at 11:10

Hitesh Gehlot

1,307
1
15
30

Apart from pushing someone _away_ from using a parameterised query and into the realm of SQL injection ([obligatory XKCD link](https://xkcd.com/327/)) this still uses `=` instead of `like` (unless OP really has fields with `%Fred%` in them). – TripeHound Apr 06 '17 at 11:18

Android SQLITE does not execute queries with arguments

3 Answers3