tags:

views:

384

answers:

1
+1  Q: 

How is advised to use the contentResolver's delete method to be injection safe?

You can delete with content resolver by URI or by passing some parameters to the where parameter.
How do you make the parameters to be SQL Injection Safe?
Is it possible to use Prepared Statements with ContentResolver?

act.getContentResolver().delete(myuriwithid,null,null);

act.getContentResolver().delete(mybaseuri," name = '"+this.name"'",null);
+1  A: 

Use positional parameters.

public final int delete (Uri url, String where, String[] selectionArgs)

e.g.

ContentResolver cr = ...;
String where = "nameid=?";
String[] args = new String[] { "george" };
cr.delete( Stuff.CONTENT_URI, where, args );
Gavin Bong  2010-02-27 09:01:11
Is this SQL injection safe?
Pentium10  2010-02-27 12:37:35
I don't know. If you don't trust it, you can use SQLiteDatabase.execSQL( "delete .." ) and harden the query yourself.
Gavin Bong  2010-02-28 03:12:45

related questions

Is LINQ to SQL InsertOnSubmit() subject to SQL Injection Attack?
How Can I test my web site for SQL injection attacks?
Storing parts of user data in files for preventing SQL injection
HTTP input filter like mod_security for WebSphere?
Does LINQ's ExecuteCommand provide protection from SQL injection attacks?
Dynamic SQL - Search Query - Variable Number of Keywords
Classic ASP SQL Injection Protection
Comprehensive server-side validation
Can I protect against SQL Injection by escaping single-quote and surrounding user input with single-quotes?
Are PDO prepared statements sufficient to prevent SQL injection?
What's the best method for sanitizing user input with PHP?
Do htmlspecialchars and mysql_real_escape_string keep my PHP code safe from injection?
What percentage of my time will be spent in user input verfication during web development?
Parameterized SQL Columns?
Handling the data in an IN clause, with SQL parameters?
What should you do when coming across a publicly accessible security vulnerability?
binding variables to parameters in ADOdb for PHP
Penetration testing tools
Is there some way to inject SQL even if the ' character is deleted?
How do I programatically sanitise coldfusion cfquery parameters.
Best way to stop SQL Injection in PHP
Inform potential clients about security vulnerabilities?
When is it Best to Sanitize User Input?
What is the best way to avoid SQL injection attacks?
Catching SQL Injection and other Malicious Web Requests