0

I am new to programming for Android devices. I have two activities, in the first activity I send an integer value from the first activity to the second activity.

How can I add this variable in sqlite query which I receive from my first activity?

I want to add booknumber where in query written b=1 I want replace 1 with booknumber

private void setData() {

    Intent mIntent = getIntent();
    int booknumber= mIntent.getIntExtra("booknumber", 0);

    stringArrayList = new ArrayList<>();

    mDBHelper = new DatabaseHelper(this);
    mDb = mDBHelper.getReadableDatabase();

    Cursor cursor = mDb.rawQuery("select DISTINCT c from t_asv where b=1", new String[]{});

    if(cursor!=null && cursor.getCount() > 0)
    {
        if (cursor.moveToFirst())
        {
            do {
                stringArrayList.add(cursor.getString(0));
            } while (cursor.moveToNext());
        }
    }
Jason Aller
  • 3,391
  • 28
  • 37
  • 36
joshua850
  • 3
  • 4

1 Answers1

0

Just Concatenate the int booknumber to your query like below:

int booknumber= mIntent.getIntExtra("booknumber", 0);
...
Cursor cursor = mDb.rawQuery("select DISTINCT c from t_asv where b=" + booknumber, new String[]{});

Update: Its better to use the PreparedStatement / how to use as mentioned by @patrick-hollweck

Writing code like this leaves your app wide open to a sql injection vulnerability and is generally considered a very bad practice

Mohamed Wael
  • 59
  • 5
  • 1
    DO NOT DO THAT! Writing code like this leaves your app wide open to a sql injection vulnerability and is generally considered a **very** bad practice. Use prepared statements instead. – Patrick Hollweck May 05 '19 at 13:39
  • I just wanted to demonstrate to him that he can use the string concatenation as he mentioned that he is new to Android, not to get it complicated in the first steps – Mohamed Wael May 05 '19 at 14:01
  • Mohamed Wael thanks you very i missed stupid concat sign thank saved my day – joshua850 May 05 '19 at 15:09