Android SQLite, ask about ContentValues | ansaurus

tags:

views:

126

answers:

1

Q:

Android SQLite, ask about ContentValues

Hi,

i would like to know if using the class ContentValue in querys is a good practice in order to prevent SQL injection.

Thanks

+1 A:

Personally, whether you use ContentValues or use regular SQLiteDatabase queries, you cannot be 100% safe from SQL Injections.

With that being said, if you are comfortable using ContentValues its a better practice to escape any user's input, or if you want to use SQLiteDatabase queries look at SQLiteQueryBuilder, it helps structure your query.

If Android offered parameterized queries that would be hands down the best practice to protect against injections. Until then, we'll have to wait and find alternatives.

Anthony Forloney 2010-02-01 23:20:46

related questions

What language do you use for Postgresql triggers and stored procedures?

Are Multiple DataContext classes ever appropriate?

Which tools do people use to create Data Dictionaries?

Any experiences with Protocol Buffers?

Mechanisms for tracking DB schema changes

How big can a MySQL database get before performance starts to degrade.

How do I index a database field

How does database indexing work?

How do I connect to a database and loop over a recordset in C#?

Editing database records by multiple users

Object Oriented vs Relational Databases

VFP .NET OLEdb provider does not work in Win 64-Bits. Help

Embedded Database for .net that can run off a network

Connect PHP to an AS/400

Swap unique indexed column values in database.

cx_Oracle - what is the best way to iterate over a result set?

cx_Oracle - How do I access Oracle from Python?

.NET Migrations Engine

Is there a version control system for database structure changes?

SQLite and XSD

How do I version my MS SQL database in SVN?

XSD DataSets and ignoring foreign keys

Flat File Databases in PHP

Throw Error In MySQL Trigger

Binary Data in MySQL