Android SQLite, ask about ContentValues

i would like to know if u开发者_如何学JAVAsing the class ContentValue in querys is a good practice in order to prevent SQL injection.

Thanks

Personally, whether you use ContentValues or use regular SQLiteDatabase queries, you cannot be 100% safe from SQL Injections.

With that being said, if you are comfortable using ContentValues its a better practice to escape any user's input, or if you want to use SQLiteDatabase queries look at SQLiteQueryBuilder, it helps structure your query.

If Android offered parameterized queries that would be hands down the best practice to protect against injections. Until then, we'll have to wait and find alternatives.