Why is this Java PreparedStatement throwing ArrayI

2019-07-31 16:59发布

问题:

The following method, when called with something like String val = getCell("SELECT col FROM table WHERE LIKE(other_col,'?')", new String[]{"value"}); (this is SQLite), throws a java.lang.ArrayIndexOutOfBoundsException: 0 at org.sqlite.PrepStmt.batch(PrepStmt.java:131). Can anyone take pity on my poor bumbling here and help me with why?

/**
 * Get a string representation of the first cell of the first row returned
 * by <code>sql</code>.
 *
 * @param sql        The SQL SELECT query, that may contain one or more '?'
 *                   IN parameter placeholders.
 * @param parameters A String array of parameters to insert into the SQL.
 * @return           The value of the cell, or <code>null</code> if there
 *                   was no result (or the result was <code>null</code>).
 */
public String getCell(String sql, String[] parameters) {
    String out = null;
    try {
        PreparedStatement ps = connection.prepareStatement(sql);
        for (int i = 1; i <= parameters.length; i++) {
            String parameter = parameters[i - 1];
            ps.setString(i, parameter);
        }
        ResultSet rs = ps.executeQuery();
        rs.first();
        out = rs.getString(1);
        rs.close();
        ps.close();
    } catch (SQLException e) {
        e.printStackTrace();
    }
    return out;
}

The setString() would, in this case, be ps.setString(1, "value") and should not be a problem. Obviously I'm wrong though.

Many thanks in advance.

回答1:

Lose the quotes around the question mark. It should be LIKE(other_col,?). The prepared statement will figure out that you've got a string and add the quote marks itself.

(Does SQLite really do LIKE as a function LIKE(x,y) rather than an operator x LIKE y?)