Hi all

When using the SQLite functions in the Android API is there a way to
escape special character in a string before using it in a query?

I am a little worried about forming queries using code such as
"... FIELD=\"" + value + "\" ... "
in case the value contains special characters. Not escaping values
properly can result in SQL injection vulnerabilities if data is from
untrusted sources, and we certainly would not want that!

Does the whereArgs in the update method call get escaped automatically?
Does this apply to Strings passed to ContentValues as well?

Thanks

Andy

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
Announcing the new M5 SDK!
http://android-developers.blogspot.com/2008/02/android-sdk-m5-rc14-now-available.html
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
-~----------~----~----~----~------~----~------~--~---
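An added example, not part of Andy's post or of the Android SDK, showing the string-concatenation pattern he is worried about next to the parameterised forms of the same operations. In the SQLiteDatabase API, the whereArgs array passed to query()/update()/delete() and the selectionArgs passed to rawQuery() are bound to "?" placeholders rather than spliced into the SQL text, and update() builds its SET clause with placeholders and binds the ContentValues the same way, so neither needs manual escaping. The table "notes" and its columns _id, title and body are hypothetical; the example also goes a little beyond the question to show two things binding does not cover (column names and LIKE wildcards), since those are where people get bitten after switching to whereArgs.

```java
import android.content.ContentValues;
import android.database.Cursor;
import android.database.DatabaseUtils;
import android.database.sqlite.SQLiteDatabase;

// Added example, not from the original post. Assumes a hypothetical table
// "notes" with columns _id (INTEGER PRIMARY KEY), title and body (TEXT).
public class NotesDao {
    private static final String TABLE = "notes";
    private final SQLiteDatabase db;

    public NotesDao(SQLiteDatabase db) {
        this.db = db;
    }

    // UNSAFE: the value becomes part of the SQL text. A title such as
    //   x" OR "1"="1
    // turns the WHERE clause into one that matches every row.
    public Cursor findByTitleUnsafe(String title) {
        String sql = "SELECT * FROM " + TABLE + " WHERE title=\"" + title + "\"";
        return db.rawQuery(sql, null);
    }

    // SAFE: the value is bound to the "?" placeholder. SQLite receives it as a
    // parameter value and never parses it as SQL, so quotes in it are harmless.
    public Cursor findByTitle(String title) {
        return db.query(TABLE, null, "title=?", new String[] { title },
                        null, null, null);
    }

    // SAFE: update() binds the ContentValues (SET clause) and the whereArgs
    // (WHERE clause) as parameters; nothing from newTitle reaches the SQL text.
    // whereArgs are bound as Strings, so numeric keys are passed as their
    // decimal text; SQLite applies the column's affinity when comparing.
    public int rename(long id, String newTitle) {
        ContentValues cv = new ContentValues();
        cv.put("title", newTitle);
        return db.update(TABLE, cv, "_id=?", new String[] { String.valueOf(id) });
    }

    // Caveat 1: binding only covers values. A column name used in ORDER BY (or
    // a table name) cannot be a "?" parameter, so it must be checked against a
    // fixed whitelist instead of being concatenated from user input.
    public Cursor sortedBy(String column) {
        if (!"title".equals(column) && !"body".equals(column)) {
            throw new IllegalArgumentException("unknown sort column: " + column);
        }
        return db.query(TABLE, null, null, null, null, null, column + " ASC");
    }

    // Caveat 2: binding does not neutralise LIKE wildcards. Without this
    // escaping, a fragment of "%" would match every title. The escape character
    // is declared in the clause (ESCAPE '\') and applied to the bound value.
    public Cursor titleContains(String fragment) {
        String escaped = fragment.replace("\\", "\\\\")
                                 .replace("%", "\\%")
                                 .replace("_", "\\_");
        return db.query(TABLE, null, "title LIKE ? ESCAPE '\\'",
                        new String[] { "%" + escaped + "%" }, null, null, null);
    }

    // If SQL text really has to be built by hand, DatabaseUtils.sqlEscapeString
    // wraps the value in single quotes and doubles any embedded single quote.
    // Prefer binding; keep this for cases the query methods cannot express.
    public static String literal(String value) {
        return DatabaseUtils.sqlEscapeString(value);
    }
}
```

The rule of thumb this illustrates: anything that is a value goes through whereArgs, selectionArgs or ContentValues and needs no escaping; anything that is SQL structure (table, column, ORDER BY, LIMIT) cannot be bound and must be validated against a fixed set; and LIKE patterns need their own wildcard escaping on top of binding.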