I have searched with the "Debug" option for the error in my application, apparently it is in a SQLite command that I am trying to execute:
Cursor fila = ra_bd.rawQuery("SELECT * FROM Avatar WHERE usuario = " + usuario, null);
I have deleted the statement "WHERE user = " + user" and apparently that worked, but it is necessary to have it... The value of the user variable is "Miguel" (A string), so I have ruled out the possibility that the command does not work due to lack of data, while said user DOES exist in the database.
This is the code of the method I'm using:
public void LeerAvatarBD() {
//Prepara la BD
com.example.apk.sql.ReadApp ra = new com.example.apk.sql.ReadApp(this, "ReadApp", null, 1);
SQLiteDatabase ra_bd = ra.getWritableDatabase();
//Busca los datos en la BD
Cursor fila = ra_bd.rawQuery("SELECT * FROM Avatar WHERE usuario = " + usuario, null);
//Inserta los datos leidos en las variables
if (fila.moveToFirst()) {
piel = fila.getInt(1);
cara = fila.getInt(2);
cabello = fila.getInt(3);
ropa = fila.getInt(4);
accesorio = fila.getInt(4);
} else {
CrearUsuarioBD();
LeerAvatarBD();
}
//Cierra la conexión con la BD
ra_bd.close();
}
And this is the code of the class to connect to the database:
package com.example.apk.sql;
import android.content.Context;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteOpenHelper;
import androidx.annotation.Nullable;
public class ReadApp extends SQLiteOpenHelper {
public ReadApp(@Nullable Context context, @Nullable String name, @Nullable SQLiteDatabase.CursorFactory factory, int version) {
super(context, name, factory, version);
}
@Override
public void onCreate(SQLiteDatabase ReadApp) {
ReadApp.execSQL("CREATE TABLE Avatar(usuario text, piel int, cara int, cabello int, ropa int, accesorio int)");
ReadApp.execSQL("CREATE TABLE Progreso(nivel int, actividades int)");
ReadApp.execSQL("CREATE TABLE Cuentas(usuario text, contraseña text, codigo int, rango int, escuela text, clave_cct text)");
}
@Override
public void onUpgrade(SQLiteDatabase sqLiteDatabase, int i, int i1) {
}
}
It's a common mistake, this is the structure of your table:
remember that if the user field stores type data
TEXT
as in this caseusuario
, you must add quotes to indicate that the value is a text string, do it this way:and don't forget to fix a bug when getting cursor values, the field value
accesorio
should have index 5 and not 4:As a user it is of type
.text
I mean Cadena String... so it must''
have .... Try this and tell me if it worked for you.If "user" is the name of a Combobox or a Label , add .text to it like this:
Have you tried using a "prepared statement" . This is how it would look like:
Automatic protection against sql-injection.
It remains to know where the value of the +username+ parameter comes from , I would use a different name from the user field, for example. user me if it comes from a text field as a previous colleague said you can place it. Try this way and comment.
if that doesn't work for you then;