开发者

Android SQLite, ask about ContentValues

i would like to know if u开发者_如何学JAVAsing the class ContentValue in querys is a good practice in order to prevent SQL injection.

Thanks


Personally, whether you use ContentValues or use regular SQLiteDatabase queries, you cannot be 100% safe from SQL Injections.

With that being said, if you are comfortable using ContentValues its a better practice to escape any user's input, or if you want to use SQLiteDatabase queries look at SQLiteQueryBuilder, it helps structure your query.

If Android offered parameterized queries that would be hands down the best practice to protect against injections. Until then, we'll have to wait and find alternatives.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜