6

I am using execSQL on SQLite database. The sql INSERT string is

INSERT INTO Tasks (_id, Aircraft, Station, Discrepancy,DateCreated, CreatedBy, Status, DateClosed, ClosedBy, ArrivalFlightID, RecordChangedByUI) VALUES ('271104',' ','ORD','Critical Flight (0496/28)','9/4/2011 6:57:00 PM','SYSTEM','NEW','','null','0','N') 

Table is

"create table Tasks (_id integer primary key, " + "Aircraft text null, Station text null, Discrepancy text null, DateCreated text null, CreatedBy text null, Status text null, DateClosed text, ClosedBy text null, ArrivalFlightID text null, RecordChangedByUI text null);"; 

It's throwing an exception "Empty bindArgs"

Can anybody tell me where I am going wrong ?

4
  • Post the code containing your rawQuery() call please Commented Sep 7, 2011 at 15:42
  • this.database.execSQL(sql, null); Commented Sep 7, 2011 at 15:43
  • String sql = "INSERT INTO Tasks (_id, Aircraft, Station, Discrepancy,DateCreated, CreatedBy, Status, DateClosed, ClosedBy, ArrivalFlightID, RecordChangedByUI) VALUES ('" + tasks[i]._id + "','" + tasks[i].Aircraft + "','" + tasks[i].Station + "','" + tasks[i].Discrepancy + "','" + tasks[i].DateCreated + "','" + tasks[i].CreatedBy + "','" + tasks[i].Status + "','" + tasks[i].DateClosed + "','" + tasks[i].ClosedBy + "','" + tasks[i].ArrivalFlightID + "','N')"; this.database.execSQL(sql, null); Commented Sep 7, 2011 at 15:44
  • 1
    put it above where it would be readable! Commented Sep 7, 2011 at 16:03

2 Answers

11

You can not pass null as second parameter. If you're not using it, just ignore it and it will work:

    String sql = "INSERT INTO Tasks (_id, Aircraft, Station, Discrepancy,DateCreated, CreatedBy, "
            + "Status, DateClosed, ClosedBy, ArrivalFlightID, RecordChangedByUI) "
            + "VALUES ('" + tasks[i]._id + "','" + tasks[i].Aircraft + "','" + tasks[i].Station
            + "','" + tasks[i].Discrepancy + "','" + tasks[i].DateCreated + "','" + tasks[i].CreatedBy
            + "','" + tasks[i].Status + "','" + tasks[i].DateClosed + "','" + tasks[i].ClosedBy
            + "','" + tasks[i].ArrivalFlightID + "','N')";
    this.database.execSQL(sql);

However, the above example is vulnerable - SQL query can be easily injected. All strings passed to the query should be escaped via DatabaseUtils.sqlEscapeString(task[i].something).


2 Comments

What if task[i].Station contains a single quote?
All strings should be escaped via DatabaseUtils.sqlEscapeString(task[i].something). I've just copied the SQL query from author's comment. I'll add it to the answer.
8

Try executing database.insert or insertOrThrow. It requires the explicit adding of each field to a ContentValues object, but it is so much neater.

    ContentValues insertValues = new ContentValues();
    insertValues.put("_id", tasks[i]._id);
    ... // other fields
    long rowId = this.database.insert(DATABASE_TABLE, null, insertValues);
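
The same insert with bound parameters instead of string concatenation, as an added example that is not part of either answer. `TaskWriter` and `Task` are hypothetical names, `_id` is assumed to be a `long`, and the columns are the ones in the question's table; `execSQL(sql, Object[])` accepts the same `?` placeholders when the array is non-empty.

```java
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteStatement;

// Added example: TaskWriter and Task are hypothetical names; the columns
// are the ones in the question's Tasks table.
public final class TaskWriter {

    /** Hypothetical holder for the fields the question reads from tasks[i]. */
    public static final class Task {
        public long _id;   // assumption: the id is numeric
        public String Aircraft, Station, Discrepancy, DateCreated, CreatedBy,
                Status, DateClosed, ClosedBy, ArrivalFlightID;
    }

    // Constant SQL text with one ? per value: bound data is never parsed as
    // SQL, so a quote in Station or Discrepancy cannot change the statement.
    private static final String INSERT_TASK =
            "INSERT INTO Tasks (_id, Aircraft, Station, Discrepancy, DateCreated, "
          + "CreatedBy, Status, DateClosed, ClosedBy, ArrivalFlightID, RecordChangedByUI) "
          + "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";

    /** Inserts every task in one transaction, reusing one compiled statement. */
    public static void insertAll(SQLiteDatabase db, Task[] tasks) {
        SQLiteStatement stmt = db.compileStatement(INSERT_TASK);
        db.beginTransaction();
        try {
            for (Task t : tasks) {
                String[] text = {t.Aircraft, t.Station, t.Discrepancy, t.DateCreated,
                        t.CreatedBy, t.Status, t.DateClosed, t.ClosedBy, t.ArrivalFlightID, "N"};
                stmt.clearBindings();
                stmt.bindLong(1, t._id);              // placeholders are 1-based
                for (int i = 0; i < text.length; i++) {
                    bindText(stmt, i + 2, text[i]);   // columns 2..11
                }
                stmt.executeInsert();
            }
            db.setTransactionSuccessful();
        } finally {
            db.endTransaction();                      // rolls back unless marked successful
            stmt.close();
        }
    }

    /** bindString() rejects null, so a Java null is stored as SQL NULL. */
    private static void bindText(SQLiteStatement stmt, int index, String value) {
        if (value == null) stmt.bindNull(index); else stmt.bindString(index, value);
    }
}
```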
