-1

I fail queries with arguments, What am I doing wrong?

I need the following query:

cursor = bd.rawQuery("SELECT * FROM user WHERE user.name=?", new String[]{"%"+nombre+"%"});

I tried the following and they also fail:

cursor = bd.rawQuery("SELECT * FROM user WHERE name=?", new String[]{"%"+nombre+"%"});

cursor = bd.rawQuery("SELECT * FROM user WHERE user.name=?", new String[]{nombre});

This works:

cursor = bd.rawQuery("SELECT * FROM user ", null);

Thanks for your help

Syscall
  • 19,327
  • 10
  • 37
  • 52
user3139428
  • 83
  • 1
  • 2
  • 7

3 Answers3

0

As Mike said in your comments cursor = bd.rawQuery("SELECT * FROM user WHERE name LIKE ? ", new String[]{"%" + nombre + "%"});

or if you really wanna use like this:

cursor = bd.rawQuery("SELECT * FROM user ", null); where second parameter is null.

use escaped string instead:

cursor = bd.rawQuery("SELECT * FROM user WHERE name LIKE '%" + nombre.replaceAll("'","''") + "%' ", null );

or use GLOB like here described.

Community
  • 1
  • 1
Vyacheslav
  • 26,359
  • 19
  • 112
  • 194
-1

Please try this, List out users with name foo.

cursor = bd.rawQuery("SELECT * FROM user WHERE name = ?", new String[] {"foo"});

OR

cursor = bd.rawQuery("SELECT * FROM user WHERE name LIKE ?", new String[] {"foo"});

SQLiteDatabase rawQuery document reference

Bipin Vayalu
  • 3,025
  • 2
  • 25
  • 39
-3

try this

cursor = bd.rawQuery("SELECT * FROM user WHERE name= '%"+ nombre + "%'", null);
Hitesh Gehlot
  • 1,307
  • 1
  • 15
  • 30
  • Apart from pushing someone _away_ from using a parameterised query and into the realm of SQL injection ([obligatory XKCD link](https://xkcd.com/327/)) this still uses `=` instead of `like` (unless OP really has fields with `%Fred%` in them). – TripeHound Apr 06 '17 at 11:18