Preferred way to update sqlite db in android

What is the faster and better way to use db.update on Android? I.e.: build the whole where string along with the where clause variables, or use the 4th parameter of update, passing the values of the where clause variables as a string array?

Is the where variable passed as a new array of strings to protect against SQL injection?

    public boolean UpdateChannelSortKey(Channel c) {
        ContentValues cv = new ContentValues();
        cv.put("SortKey", c.SortKey);
        // The WHERE value is passed separately through whereArgs and bound to the "?" placeholder.
        return this.db.update("Channels", cv, "ChannelID = ?",
                new String[]{String.valueOf(c.ChannelID)}) > 0;
    }

OR

    public boolean UpdateChannelSortKey(Channel c) {
        ContentValues cv = new ContentValues();
        cv.put("SortKey", c.SortKey);
        // The WHERE value is concatenated into the clause text; whereArgs is null.
        return this.db.update("Channels", cv, "ChannelID = " + c.ChannelID, null) > 0;
    }
1 answer

The first method is preferable because:

1) Yes, it protects against sql-injection attacks.

2) It is better to always use prepared statements - not only in android, so you will get a good habit.

3) IMHO, it has higher readability.


Source: https://habr.com/ru/post/1341805/
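The difference between the two variants in the question, as an added example that is not part of the original question or answer: it runs against Python's built-in sqlite3 module, and the `update` helper is a hypothetical stand-in shaped like Android's `db.update(table, values, whereClause, whereArgs)`. It assumes the channel id reaches the code as an untrusted string; the table contents and the `UNTRUSTED_ID` value are constructed.

```python
import sqlite3

# Constructed input: an id arriving as an untrusted string instead of a number.
UNTRUSTED_ID = "2 OR 1=1"


def update(db, table, values, where_clause, where_args=None):
    """Hypothetical helper shaped like Android's db.update().

    Column values are always bound. where_clause is placed into the SQL text
    verbatim; only where_args are bound to its "?" placeholders.
    Returns the number of rows changed.
    """
    assignments = ", ".join(f"{col} = ?" for col in values)
    sql = f"UPDATE {table} SET {assignments} WHERE {where_clause}"
    params = list(values.values()) + list(where_args or [])
    return db.execute(sql, params).rowcount


def make_db():
    """In-memory database with three constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Channels (ChannelID INTEGER PRIMARY KEY, SortKey INTEGER)")
    db.executemany("INSERT INTO Channels VALUES (?, ?)", [(1, 10), (2, 20), (3, 30)])
    return db


def update_concatenated(db, channel_id, sort_key):
    # Second variant from the question: the value becomes part of the SQL text,
    # so SQLite parses whatever it contains as SQL.
    return update(db, "Channels", {"SortKey": sort_key}, "ChannelID = " + channel_id)


def update_bound(db, channel_id, sort_key):
    # First variant from the question: the value is bound as data and never parsed.
    return update(db, "Channels", {"SortKey": sort_key}, "ChannelID = ?", [channel_id])


def sort_keys(db):
    return [row[0] for row in db.execute("SELECT SortKey FROM Channels ORDER BY ChannelID")]


if __name__ == "__main__":
    for variant in (update_concatenated, update_bound):
        db = make_db()
        changed = variant(db, UNTRUSTED_ID, 99)
        print(variant.__name__, "rows changed:", changed, "sort keys:", sort_keys(db))
```

With the concatenated clause the constructed id rewrites every row; with the bound argument it is compared as a single value and matches nothing, while a plain `"2"` still updates exactly one row.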

