How is it advised to use the contentResolver's delete method to be injection safe?

Pentium10 · Feb 27, 2010 · Viewed 12.2k times

You can delete with content resolver by URI or by passing some parameters to the where parameter.

How do you make the parameters SQL injection safe?
Is it possible to use Prepared Statements with ContentResolver?

act.getContentResolver().delete(myuriwithid,null,null);

act.getContentResolver().delete(mybaseuri, " name = '" + this.name + "'", null);

Answer

Gavin Bong · Feb 27, 2010

Use positional parameters.

public final int delete (Uri url, String where, String[] selectionArgs)

e.g.

ContentResolver cr = ...;
String where = "nameid=?";
String[] args = new String[] { "george" };
cr.delete( Stuff.CONTENT_URI, where, args );
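Added example, not part of the original answer: a small client-side helper that covers both delete styles from the question and extends the positional-parameter pattern to a variable-length list of values. The class name `StuffDeleter` and the column name `name` are hypothetical, and it assumes the target provider hands `selectionArgs` to SQLite as bound values (as `SQLiteDatabase.delete` does).

```java
import android.content.ContentResolver;
import android.content.ContentUris;
import android.net.Uri;
import java.util.List;

// Added example. StuffDeleter and the column name "name" are hypothetical.
public final class StuffDeleter {
    // Column names cannot be bound, so keep them as compile-time constants
    // and never build them from caller input.
    private static final String COL_NAME = "name";

    private StuffDeleter() {}

    // Delete one row by id. The id is typed as long and appended to the URI
    // path, so it cannot carry SQL text.
    public static int deleteById(ContentResolver cr, Uri baseUri, long id) {
        return cr.delete(ContentUris.withAppendedId(baseUri, id), null, null);
    }

    // Delete by name. The where string is a constant; the value is passed
    // separately and matched against the ? placeholder.
    public static int deleteByName(ContentResolver cr, Uri baseUri, String name) {
        if (name == null) {
            throw new IllegalArgumentException("name must not be null");
        }
        return cr.delete(baseUri, COL_NAME + " = ?", new String[] { name });
    }

    // Delete several names at once: one ? per value, values still passed
    // only through selectionArgs.
    public static int deleteByNames(ContentResolver cr, Uri baseUri, List<String> names) {
        if (names == null || names.isEmpty()) {
            // "IN ()" is invalid SQL, and falling back to a null where
            // clause would delete every row, so do nothing instead.
            return 0;
        }
        StringBuilder where = new StringBuilder(COL_NAME).append(" IN (");
        for (int i = 0; i < names.size(); i++) {
            where.append(i == 0 ? "?" : ",?");
        }
        where.append(')');
        return cr.delete(baseUri, where.toString(), names.toArray(new String[0]));
    }
}
```

With this helper a value such as `O'Brien` is compared as a literal string instead of ending the quoted SQL literal, which is what happens in the concatenated form from the question.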