views:

384

answers:

1

You can delete with content resolver by URI or by passing some parameters to the where parameter.
How do you make the parameters to be SQL Injection Safe?
Is it possible to use Prepared Statements with ContentResolver?

act.getContentResolver().delete(myuriwithid,null,null);

act.getContentResolver().delete(mybaseuri," name = '"+this.name"'",null);
+1  A: 

Use positional parameters.

public final int delete (Uri url, String where, String[] selectionArgs)

e.g.

ContentResolver cr = ...;
String where = "nameid=?";
String[] args = new String[] { "george" };
cr.delete( Stuff.CONTENT_URI, where, args );
Gavin Bong
Is this SQL injection safe?
Pentium10
I don't know. If you don't trust it, you can use SQLiteDatabase.execSQL( "delete .." ) and harden the query yourself.
Gavin Bong