Closed programmerAbc closed 3 years ago
I don't see how this is related to Ormlite? It seems the model's data is what you wrote, so the getter (of the model) returns that value.
I'm not 100% sure what you are asking but I think you need to use the SelectArg
class. Just had another question like this here: https://github.com/j256/ormlite-core/issues/219
If you do a query in the documentation for query arguments or SQL injection you would have seen the docs on this subject: https://ormlite.com/docs/select-arg
In the future if you can use a smaller example, it would help @noordawod and I answer your questions. See: https://stackoverflow.com/help/minimal-reproducible-example
What I encountered was the SQL injection problem that occurred when the user input string (including ') was updated to the database through UpdateBuilder, and SelectArg was the correct way to solve this problem, thank you for your help
This is my code
and the value of
is /storage/emulated/0/Android/data/wudao.com.chinadance.video/files/audio东方舞《EhtartMa'ak》异域风情太柔美了-【单色舞蹈】(成都)晋阳路馆东方舞兴趣班展示(2021991824)21836.mp3
and the sql injection problem is caused by ' in《EhtartMa'ak》 the following code is the sql which generated by UpdateBuilder
and from my research this sql is generated by
com.j256.ormlite.stmt.StatementBuilder.buildStatementString