I have created a sqlite table with two columns -Code and Name and stored data in it. User is provided a searchview to enter code or name and the app show results accordingly.
I am using below query to fetch results-
cursor = db.query(TABLE_SEARCH, columns, COLUMN_CODE + " LIKE '" +
searchText + "%' or " + COLUMN_ NAME + " LIKE '%" + searchText + "%'", null, null, null, null)
But the problem is that doesn’t show results in desired order.
I want to show results in below order-
1.On top show results with the Code exactly matching with the searched text.
2.Below that show results with the Name exactly matching with searched text.
3.Below that show results with the Code starting with the searched text.
4.Below that show results with the Name containing the searched text.
If I run multiple sqlite queries it makes the search slow.How can I accomplish my requirement in best way without affecting performance?
The last argument of the query() method is the ORDER BY clause.
Try conditional sorting:
cursor = db.query(
TABLE_SEARCH,
columns,
COLUMN_CODE + " LIKE '" + searchText + "%' OR " +
COLUMN_ NAME + " LIKE '%" + searchText + "%'",
null,
null,
null,
"CASE " +
"WHEN " + COLUMN_CODE + " = '" + searchText + "' THEN 1 " +
"WHEN " + COLUMN_ NAME + " = '" + searchText + "' THEN 2 " +
"WHEN " + COLUMN_CODE + " LIKE '" + searchText + "%' THEN 3 " +
"WHEN " + COLUMN_ NAME + " LIKE '%" + searchText + "%' THEN 4 " +
"END, " + COLUMN_CODE + ", " + COLUMN_ NAME
)
For better performance, you should set indexes for the columns COLUMN_CODE and COLUMN_ NAME.
Also by concatenating so many strings you risk sql injection.
I hope you do check if searchText contains single quotes and change them to double single quotes, like:
searchText = searchText.replace("'", "''");
Related
On match of the spinner value i need to get directed to another page but i am getting error.
cursor = db.rawQuery("SELECT *FROM " + DataBaseHelper.TABLE_NAME + " WHERE " + DataBaseHelper.COL_2 + "=? AND " + DataBaseHelper.COL_4 + "=? AND " +DataBaseHelper.COL_5 + "=?" , new String[]{uname,pass,Spinnerv1});
I have a web application where 3 inputs are taken from the user and after clicking search button results are displayed. The three inputs are; id (not unique), startdate and enddate. I want to be able to get the results in these situations: If the user enters
only id
only start date (enrolldate in db table)
only end date (graduationdate in db table)
id and start date
when all the fields entered together
In my StudentManager.java class I have a SQL string like below;
final String SQL_STU = " select "
+ " t.name,"
+ " t.surname, "
+ " t.lecture,"
+ " from studenttable t "
+ " where t.school = 'CHC' "
+ " and t.id = case when '" + studentInfo.getID() + "'" +" is null then t.id else '" + studentInfo.getID() + "' end "
+ " and t.enrolldate >= case when '" + studentInfo.getStartDate() + "' is null then t.enrolldate else to_date('"
+ studentInfo.getStartDate() + "', 'DD.MM.YYYY HH24:MI:SS') end "
+ " and t.graduationdate >= case when '" + studentInfo.getEndDate() + "' is null then t.graduationdate else to_date('"
+ studentInfo.getEndDate() + "', 'DD.MM.YYYY HH24:MI:SS') end " ;
I will execute this query and get the results into a result set.
I have a couple of problems with this code; for example when I comment out this part:
+ " and t.enrolldate >= case when '" + studentInfo.getStartDate() + "' is null then t.enrolldate else to_date('"
+ studentInfo.getStartDate() + "', 'DD.MM.YYYY HH24:MI:SS') end "
+ " and t.graduationdate >= case when '" + studentInfo.getEndDate() + "' is null then t.graduationdate else to_date('"
+ studentInfo.getEndDate() + "', 'DD.MM.YYYY HH24:MI:SS') end " ;
It works without errors but when I give all the inputs null (id, date1, date2) it displays nothing. Shouldn't it display all the results since there is no specific id? (User will not be able to submit 3 empty fields but I am curious why it does not work like the way I mentioned? )
The other thing is when I execute the whole code (with to_date parts) it gives the error in the title. But it does not give any error when I execute like this:
final String SQL_STU = " select "
+ " t.name,"
+ " t.surname, "
+ " t.lecture,"
+ " from studenttable t "
+ " where t.school = 'CHC' "
+ " and t.enrolldate >= case when '" + studentInfo.getStartDate() + "' is null then t.enrolldate else to_date('"
+ studentInfo.getStartDate() + "', 'DD.MM.YYYY HH24:MI:SS') end " ;
So in summary I couldn't write the query the way I wanted. I am not that experienced with queries. If you know any better way you can also suggest it since I have come to a dead end. I also tried something with NVL but I could not make it work also.
Notes:
ID, StartDate,EndDate are type string in my StudentInfo.java class
id is type varchar and dates are type date in database table.(PL/SQL)
The best answer to your question is to use a prepared statement:
String sql = "SELECT t.name, t.surname, t.lecture ";
sql += "FROM studenttable t ";
sql += "WHERE t.school = 'CHC' AND "
sql += "t.id = COALESCE(?, t.id) AND ";
sql += "t.entrolldate >= COALESCE(?, t.enrolldate) AND ";
sql += "t.graduationdate >= COALESCE(?, t.graduationdate)";
PreparedStatement ps = conn.prepareStatement(sql);
ps.setInt(1, studentInfo.getID());
ps.setDate(2, studentInfo.getStartDate());
ps.setDate(3, studentInfo.getEndDate());
ResultSet rs = ps.executeQuery();
while (rs.next()) {
// process a row
}
The reason why using a statement is preferred is that it frees you from having to manually marshal your Java date (and other type) variables into your Oracle SQL statement. Instead, the above code lets the JDBC driver worry about how to convert a Java date variable to the correct format in the actual SQL code. Also, statements allow you to write a SQL query with minimal concatenations, which reduces the chances for error and typos.
Note that you might have to call a setter other than PreparedStatement#setDate depending on the what getStartDate() and getEndDate() methods actually return in your Java code.
I have an application that works well. But I suspect that I can improve it if I optimize queries to the database. And I need suggestions.
This is part of my "select query":
private static final String SELECT = "SELECT " +
"dz.first_id AS first_id, " +
"dz._id AS _id, " +
"dz.att1 AS att1, " +
"dz.att2 AS att2, " +
"dz.att3 AS att3, " +
"dz.att4 AS att4, " +
"dz.att5 AS att5, " +
"d.var1 AS var1, " +
"d.name AS name, " +
"d.last_update AS last_update, " +
"d.image_url AS image_url, " +
"d.image_highlighted_url AS image_highlighted_url, " +
"d.var2 AS var2, " +
"d.type AS type, " +
"d.state AS state, " +
"d.sync AS sync, " +
"d.var3 AS var3 " +
"FROM table1 dz INNER JOIN table2 d " +
"ON d._id = dz.first_id ";
Cursor result = conn.rawQuery(SELECT, null);
*table1 and table2 have simple creation: only one _id integer PRIMARY KEY AUTOINCREMENT NOT NULL
It is useful to use views? Any other suggestion?
Thanks.
This query looks as cut and dry and they can get, I think your options are really either to see if you can somehow leave some unnecessary columns out of your select or alternatively to see that both dz.first_id and d._id have indexes setup. Perhaps add a index to dz with the following
CREATE INDEX index1 ON table1 (first_id);
I have some problems with an application developed in Java that uses postgreSQL as a DB. I managed to make a dummy query as follows:
String sql = "INSERT INTO voicemessages (UNIQUEID,MSGNM,DIR,CONTEXT,MACROCONTEXT,CALLERID, ORIGTIME,DURATION, FLAG,MAILBOXUSER,MAILBOXCONTEXT,RECORDING, LABEL, read ) "
+ "VALUES (1, 1, 'dir/dir1/msgs', 'message', 'message', '6001', '15/01/2015 13:31:25', '1:32', 'flag', 'Georgi Georgiev', 'Georgi Georgiev', '12314124', 'some label', false);";
And it works perfect when I execute the statement. A row in the DB is created and I am able to display the data using:
SELECT * FROM voicemessages;
The problem is when I create my own VoiceMail class and when I create an object from this type and put in the query the getters and setters for this object I receive some kind of an error:
org.postgresql.util.PSQLException: ERROR: column "dir" does not exist Hint:There is a column named "dir" in table "voicemessages", but it cannot be referenced from this part of the query.Position: 169
I am trying to insert a row by using and executing this:
String sql = "INSERT INTO voicemessages (UNIQUEID,MSGNM,DIR,CONTEXT,MACROCONTEXT,CALLERID, ORIGTIME,DURATION, FLAG,MAILBOXUSER,MAILBOXCONTEXT,RECORDING, LABEL, read ) "
+ "VALUES (" + message01.getUniqueId() + ", " + message01.getMessageNumber() + ", " + message01.getDirectory() + ", " + message01.getContext() + ", " + message01.getMacroContext() + ", " + message01.getCallerId() + ", " +message01.getOrigTime() + ", " + message01.getDuration() + ", " + message01.getFlag() + ", " + message01.getMailboxUser() + ", " +message01.getMailboxContext() + ", " + message01.getRecording() + ", " + message01.getLabel() + ", " + message01.getRead()+ ");"+" ";
Any help or suggestion is appreciated.
Thank you in advance!
Do not use Direct values use parameters for safety, What happens is that the SQL statement you pass is parsed to prepare and compiled by the database. So by sending the actual SQL separately from the parameters, you limit the risk of SQL injection
Using Derby as my data base driver and tying to execute SQL query through java,
there was a error that was encounter, when tried to execute this particular query
stmt.executeQuery("insert into " + "TEST " + "values (" + dataTimeRev + ", "
+ dataType + "," + obj + ")" );
Here dataTimeRev, dataType and obj are variables with data.
The error that was stated was like this
java.sql.SQLSyntaxErrorException: VALUES clause must contain at least one element. Empty elements are not allowed.
if the column data type is VARCHAR you will have to pass the value in qoutes like 'value' for that you should do as below
String query = "insert into TEST values('"+dataTimeRev+"', '"+dataType+"','"+obj+"')";
stmt.executeQuery(query);
Verify that dataTimeRev, dataType and obj are not null and not blank.
I am not sure if Derby follows SQL syntax. But if the values are of type varchar, then it should be enclosed in single quotes ('). For example:
stmt.executeQuery("insert into " + "TEST " + "values ('" + dataTimeRev + " ', ' "
+ dataType + " ',' " + obj + " ')" );
Try this:
stmt.executeQuery("insert into TEST values ('" + dataTimeRev + "', "'+ dataType + "',"' + obj + "')" );
One of the causes of this error is trying to insert a Type that isn't a String (Date, Double, Integer e.t.c, surrounded by the single quotation mark ''
For example my table was declared like this:
String createTableStatement = "CREATE TABLE PRODUCT"+ "(product_id INTEGER NOT NULL PRIMARY KEY GENERATED ALWAYS AS IDENTITY (START WITH 1, INCREMENT BY 1)," +
"product_name CHAR(80), "+
"price DOUBLE," +
"supplier CHAR(50))";
So I was doing:
statement.executeUpdate("INSERT INTO PRODUCT (PRODUCT_NAME, PRICE, DATE_SUPPLIED, QUANTITY, SUPPLIER) VALUES " +
"('" + productName + "', " + "'" + price + "', " + "'" + supplier +"')");
instead of:
statement.executeUpdate("INSERT INTO PRODUCT (PRODUCT_NAME, PRICE, DATE_SUPPLIED, QUANTITY, SUPPLIER) VALUES " +
"('" + productName + "', " + price + ", " + "'" + supplier +"')");