How is advised to use the contentResolver's delete method to be injection safe?

android sql-injection android-contentresolver android-sdk-2.1
Pentium10 picture Pentium10 · Feb 27, 2010 · Viewed 12.2k times · Source

You can delete with content resolver by URI or by passing some parameters to the where parameter.

How do you make the parameters to be SQL Injection Safe?
Is it possible to use Prepared Statements with ContentResolver?

act.getContentResolver().delete(myuriwithid,null,null);

act.getContentResolver().delete(mybaseuri," name = '"+this.name"'",null);

Answer

Gavin Bong picture Gavin Bong · Feb 27, 2010

Use positional parameters.

public final int delete (Uri url, String where, String[] selectionArgs)

e.g.

ContentResolver cr = ...;
String where = "nameid=?";
String[] args = new String[] { "george" };
cr.delete( Stuff.CONTENT_URI, where, args );

Related questions

Can't start Eclipse - Java was started but returned exit code=13

I am trying to get my first taste of Android development using Eclipse. I ran into this problem when trying to run Eclipse, having installed version 4.2 only minutes ago. After first trying to start Eclipse without any parameters to specify …

Read More
How do you close/hide the Android soft keyboard using Java?

I have an EditText and a Button in my layout. After writing in the edit field and clicking on the Button, I want to hide the virtual keyboard when touching outside the keyboard. I assume that this is a simple …

Read More
How to get current time and date in Android

How can I get the current time and date in an Android app?

Read More