user3292885
Reputation: 73
Content Values and SQL injection
Does this construction prevent SQL-injection?
ContentValues localContentValues = new ContentValues();
localContentValues.put("some_column", StringFromUser);
localSQLiteDatabase.update("some_table", localContentValues, null, null);
Upvotes: 3
Views: 1063
Answers (1)
laalto
Reputation: 152817
Using ContentValues uses variable binding behind the scenes. So yes, it's not vulnerable to the usual SQL injections.
Upvotes: 3
Related Questions
- Error while inserting data into Database using content values
- Android SQLite - Issue inserting using ContentValue
- Insert into SQLite DB fails using ContentValues
- Improper Neutralization of Special Elements used in an SQL Command
- Android SQLite ContentValues put() method parameters
- Android SQLite ContentValues not inserting
- Is this Android SQL statement vulnerable to SQL injection?
- Android SQLite is empty after inserting ContentValues
- Escaping SQLite INSERT Via ContentValues
- SQL parameterized queries in Android