Home/ Questions/Q 8822157
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T06:02:07+00:00

Recently, I’ve had a few bugs because of code like this: Cursor myCursor =

  • 0

Recently, I’ve had a few bugs because of code like this:

Cursor myCursor = myDb.rawQuery(
        "SELECT ... " +
        "  FROM ...complicated join... " +
        " WHERE field1 = ? AND (field2 = ? OR field3 = ?) ",
        new String[] {myField1, myField2});   // Oops, forgot about field3

When this happens, the query just silently ignores the missing parameter, causing bugs to go unnoticed. Is there some pedantic setting or anything else that I can use to make SQLite scream (at run-time) when the number of placeholders and the number of fields do not match?

I know that I could build my own wrapper, but I’m wondering if there’s something built-in…

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Android is basically just passing the args unchecked to native sqlite, see http://www.sqlite.org/c3ref/bind_blob.html

    If something is not bound it is simply considered to be bound to NULL. Binding too much should result in an error though

    I don’t know of / have not seen any debug option in Android’s source for that kind of checks but you could probably write some code that checks your sql syntax:

    SQLiteChecker mDbChecked = new SQLiteChecker(mDb);
Cursor c = mDbChecked.rawQuery("select complicated from table where stuff=?",
        new String[] {"one", "two"});

    where SQLiteChecker would be something along the lines of 

    /**
 * Simple Delegate for SQLiteDatabase
 */
public class SQLiteChecker {
    private final SQLiteDatabase mDbDelegate;
    public SQLiteChecker(SQLiteDatabase db) {
        mDbDelegate = db;
    }
    // ------------ Delegate methods --------------------//
    public int delete(String table, String whereClause, String[] whereArgs) {
        checkSQL(whereClause, whereArgs);
        return mDbDelegate.delete(table, whereClause, whereArgs);
    }

    public int update(String table, ContentValues values, String whereClause, String[] whereArgs) {
        checkSQL(whereClause, whereArgs);
        return mDbDelegate.update(table, values, whereClause, whereArgs);
    }

    public void execSQL(String sql, Object[] bindArgs) throws SQLException {
        checkSQL(sql, bindArgs);
        mDbDelegate.execSQL(sql, bindArgs);
    }

    public Cursor rawQuery(String sql, String[] selectionArgs) {
        checkSQL(sql, selectionArgs);
        return mDbDelegate.rawQuery(sql, selectionArgs);
    }

    // add more if you need

    // -------------- checking logic -------------------//
    private static void checkSQL(String query, Object[] args) {
        // bit unreliable but simple:
        // just check if amount of ? matches args.length
        int expected = countChar(query, '?');
        int actual = args != null ? args.length : 0;
        if (expected != actual) {
            Log.e("CHECK", "You seem to have messed up [" + query + "]");
            Log.e("CHECK", "expected:" + expected + " actual:" + actual);
        }
    }

    private static int countChar(String string, char ch) {
        if (string == null) return 0;
        int count = 0;
        for (int i = 0; i < string.length(); i++) {
            if (string.charAt(i) == ch)
                count++;
        }
        return count;
    }
}
    • 0