Mike Mackintosh

Reputation: 14237

Escaping SQLite INSERT Via ContentValues

Does Android's ContentValues, when used with database.insert(), automatically escape content?

Example:

String message = "This is a sample that doesn't have a single quote";

ContentValues values = new ContentValues();
values.put(DBManagement.MESSAGE, message);
values.put(DBManagement.TIME, (int) (System.currentTimeMillis()/1000));
database.insert(DBManagement.TABLE_NAME, null, values);  

It looks like it is automatically escaped at times but not others.

FYI, I use rawQuery and parametrize the input to escape and protect against injection in other queries.

What is the deal?

Upvotes: 1

Views: 1493

Answers (1)

Mike Mackintosh

Reputation: 14237

Fixed the issue. For some reason, I had to increase the database version in order to resolve the problem. Once done, the newer DB no longer had an issue.

Also, yes, ContentValues is supposed to escape your content.

Upvotes: 1
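
What the answer's last point looks like in code, as an added example that is not part of the original post: SQLiteDatabase.insert() turns the ContentValues into a statement with ? placeholders and binds each value, so a single quote in the message needs no manual escaping. The MessageStore class and its table and column names are hypothetical, not the asker's DBManagement.

```java
import android.content.ContentValues;
import android.content.Context;
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteOpenHelper;

// Hypothetical helper: class, table and column names are assumptions for this example.
public class MessageStore extends SQLiteOpenHelper {
    static final String TABLE = "messages";
    static final String MESSAGE = "message";
    static final String TIME = "time";
    // When this is higher than the version stored in the file, Android calls onUpgrade().
    private static final int DB_VERSION = 2;

    public MessageStore(Context context) {
        super(context, "messages.db", null, DB_VERSION);
    }

    @Override
    public void onCreate(SQLiteDatabase db) {
        db.execSQL("CREATE TABLE " + TABLE + " (_id INTEGER PRIMARY KEY, "
                + MESSAGE + " TEXT NOT NULL, " + TIME + " INTEGER NOT NULL)");
    }

    @Override
    public void onUpgrade(SQLiteDatabase db, int oldVersion, int newVersion) {
        // Demo-only migration: drop and recreate with the current schema.
        db.execSQL("DROP TABLE IF EXISTS " + TABLE);
        onCreate(db);
    }

    // insert() builds a statement of the form INSERT INTO messages(...) VALUES (?,?)
    // and binds each value, so a quote in the text is stored as data, not parsed as SQL.
    public long save(String text) {
        ContentValues values = new ContentValues();
        values.put(MESSAGE, text);
        values.put(TIME, System.currentTimeMillis() / 1000);
        return getWritableDatabase().insert(TABLE, null, values);
    }

    // Looks the row up again with a bound argument instead of concatenating the text.
    public int countExact(String text) {
        try (Cursor c = getReadableDatabase().rawQuery(
                "SELECT COUNT(*) FROM " + TABLE + " WHERE " + MESSAGE + " = ?",
                new String[] {text})) {
            c.moveToFirst();
            return c.getInt(0);
        }
    }
}
```

On a fresh database, save("it's a test") returns the new row id (insert() returns -1 on error), and countExact("it's a test") then returns 1.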
