Android SQLite strange issue

In my app I have one DB table with that structure: user TEXT | token text

When I'm doing request to check if this user exist in table, like that:

String whereClause = COLU开发者_运维百科MN_USER + "==\"" + userName + "\"";
Cursor c = db.query(TABLE_USERS, new String[]{COLUMN_USER, COLUMN_TOKEN}, whereClause, null, null, null, null);

It works for all users. But if variable userName is "user" I got all records back. Looks like sqllite checks table structure, and return to me all records 'cos name of this column equals to my value that I'm using - user.

I suggest you parameterize the arguments in your where clause:

String whereClause = COLUMN_USER + "=?";
String [] whereArgs = { userName };
Cursor c = db.query(TABLE_USERS, new String[]{COLUMN_USER, COLUMN_TOKEN}, whereClause, whereArgs, null, null, null);

A simple kludge to get rid of this problem would be simply to enclose the query in:

if (userName =! "user") {
//code here
} else {
//open dialog about invalid username
}

Although i'm sure there's a more elegant solution. Input Data sanitizing should be done anyways, and if you're already checking for invalids, maybe just add "user" into the list of rejecteds?