I would like to know if using the class ContentValue in queries is a good practice in order to prevent SQL injection.
Thanks
Personally, whether you use ContentValues or use regular SQLiteDatabase queries, you cannot be 100% safe from SQL Injections.
With that being said, if you are comfortable using ContentValues it's a better practice to escape any user's input, or if you want to use SQLiteDatabase queries look at SQLiteQueryBuilder, it helps structure your query.
If Android offered parameterized queries that would be hands down the best practice to protect against injections. Until then, we'll have to wait and find alternatives.
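An added example, not part of the question or answer above: how the values in a ContentValues object reach SQLite through SQLiteDatabase's insert(), update() and query() methods, and where user input can still end up in the SQL text. The NotesDao class, the "notes" table and its column names are hypothetical.

```java
import android.content.ContentValues;
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;

// Added example. The "notes" table and its columns are hypothetical.
public final class NotesDao {
    private final SQLiteDatabase db;

    public NotesDao(SQLiteDatabase db) {
        this.db = db;
    }

    // insert() binds each ContentValues value as a statement argument,
    // so quotes in title/body are stored as data, not parsed as SQL.
    // The keys (column names) are placed in the SQL text: keep them constant.
    public long addNote(String title, String body) {
        ContentValues values = new ContentValues();
        values.put("title", title);
        values.put("body", body);
        return db.insert("notes", null, values);
    }

    // Weak: ContentValues covers the new column value, but oldTitle is
    // concatenated into the WHERE clause and becomes part of the SQL text.
    public int renameUnsafe(String oldTitle, String newTitle) {
        ContentValues values = new ContentValues();
        values.put("title", newTitle);
        return db.update("notes", values, "title = '" + oldTitle + "'", null);
    }

    // Hardened: a "?" placeholder plus whereArgs keeps oldTitle out of the SQL text.
    public int renameSafe(String oldTitle, String newTitle) {
        ContentValues values = new ContentValues();
        values.put("title", newTitle);
        return db.update("notes", values, "title = ?", new String[] { oldTitle });
    }

    // Same pattern for reads: selection with "?" and selectionArgs.
    public Cursor findByTitle(String title) {
        return db.query("notes", new String[] { "_id", "title", "body" },
                "title = ?", new String[] { title }, null, null, null);
    }
}
```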