flutter中如何实现sqflite的in查询?

码云
2020-11-25 09:50

flutter sqflite中实现in查询的方式如下:

 

方式一:直接将参数组合到sql语句中(有sql注入风险)

void main() {
  List<String> a = [];
  a.add("123");
  a.add("444");

  var select = 'SELECT * from employee WHERE name = ? AND id NOT IN (\'' +
          (a.join('\',\'')).toString() + '\')';

  //SELECT * from employee WHERE name = ? AND id NOT IN ('123','444')
  var table = await db.rawQuery(select, ["max"]);
}

 

方式二:使用占位符的方式

void main() {
  List<String> a = [];
  a.add("123");
  a.add("444");

  var select = 'SELECT * from employee WHERE name = ? AND id NOT IN ('+(a.map((e) => '?').join(','))+')';
  //或者('?' * (a.length)).split('').join(', ')})" 得到?,?

  //SELECT * from employee WHERE name = ? AND id NOT IN (?,?)

  a.add('max');
  var table = await db.rawQuery(select, a);
}

 

方式二使用起来更安全。

全部评论