Loading core/java/android/content/ContentProvider.java +12 −0 Original line number Diff line number Diff line Loading @@ -1483,6 +1483,12 @@ public abstract class ContentProvider implements ContentInterface, ComponentCall // proper SQL syntax for us. SQLiteQueryBuilder qBuilder = new SQLiteQueryBuilder(); // Guard against SQL injection attacks qBuilder.setStrict(true); qBuilder.setProjectionMap(MAP_OF_QUERYABLE_COLUMNS); qBuilder.setStrictColumns(true); qBuilder.setStrictGrammar(true); // Set the table we're querying. qBuilder.setTables(DATABASE_TABLE_NAME); Loading Loading @@ -1546,6 +1552,12 @@ public abstract class ContentProvider implements ContentInterface, ComponentCall // proper SQL syntax for us. SQLiteQueryBuilder qBuilder = new SQLiteQueryBuilder(); // Guard against SQL injection attacks qBuilder.setStrict(true); qBuilder.setProjectionMap(MAP_OF_QUERYABLE_COLUMNS); qBuilder.setStrictColumns(true); qBuilder.setStrictGrammar(true); // Set the table we're querying. qBuilder.setTables(DATABASE_TABLE_NAME); Loading core/java/android/database/sqlite/SQLiteQueryBuilder.java +9 −0 Original line number Diff line number Diff line Loading @@ -48,6 +48,15 @@ import java.util.regex.Pattern; /** * This is a convenience class that helps build SQL queries to be sent to * {@link SQLiteDatabase} objects. * <p> * This class is often used to compose a SQL query from client-supplied fragments. Best practice * to protect against invalid or illegal SQL is to set the following: * <ul> * <li>{@link #setStrict} true. * <li>{@link #setProjectionMap} with the list of queryable columns. * <li>{@link #setStrictColumns} true. * <li>{@link #setStrictGrammar} true. * </ul> */ public class SQLiteQueryBuilder { private static final String TAG = "SQLiteQueryBuilder"; Loading Loading
core/java/android/content/ContentProvider.java +12 −0 Original line number Diff line number Diff line Loading @@ -1483,6 +1483,12 @@ public abstract class ContentProvider implements ContentInterface, ComponentCall // proper SQL syntax for us. SQLiteQueryBuilder qBuilder = new SQLiteQueryBuilder(); // Guard against SQL injection attacks qBuilder.setStrict(true); qBuilder.setProjectionMap(MAP_OF_QUERYABLE_COLUMNS); qBuilder.setStrictColumns(true); qBuilder.setStrictGrammar(true); // Set the table we're querying. qBuilder.setTables(DATABASE_TABLE_NAME); Loading Loading @@ -1546,6 +1552,12 @@ public abstract class ContentProvider implements ContentInterface, ComponentCall // proper SQL syntax for us. SQLiteQueryBuilder qBuilder = new SQLiteQueryBuilder(); // Guard against SQL injection attacks qBuilder.setStrict(true); qBuilder.setProjectionMap(MAP_OF_QUERYABLE_COLUMNS); qBuilder.setStrictColumns(true); qBuilder.setStrictGrammar(true); // Set the table we're querying. qBuilder.setTables(DATABASE_TABLE_NAME); Loading
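Review bot: The sample added in both hunks (`@@ -1483,6 +1483,12 @@` and `@@ -1546,6 +1552,12 @@`) passes `MAP_OF_QUERYABLE_COLUMNS` to `setProjectionMap` without saying what belongs in that map, and that map appears to be what `setStrictColumns(true)` validates against. A reader who copies the snippet and maps every column of the table would get little from the strict-columns setting. I would widen the comment to `// Guard against SQL injection: the projection map must contain only the columns callers may read, and caller-supplied values must be bound through selectionArgs, never concatenated into the selection.` The rest of the sample lies outside both hunks, so whether it already binds values through `selectionArgs` cannot be confirmed from here.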
core/java/android/database/sqlite/SQLiteQueryBuilder.java +9 −0 Original line number Diff line number Diff line Loading @@ -48,6 +48,15 @@ import java.util.regex.Pattern; /** * This is a convenience class that helps build SQL queries to be sent to * {@link SQLiteDatabase} objects. * <p> * This class is often used to compose a SQL query from client-supplied fragments. Best practice * to protect against invalid or illegal SQL is to set the following: * <ul> * <li>{@link #setStrict} true. * <li>{@link #setProjectionMap} with the list of queryable columns. * <li>{@link #setStrictColumns} true. * <li>{@link #setStrictGrammar} true. * </ul> */ public class SQLiteQueryBuilder { private static final String TAG = "SQLiteQueryBuilder"; Loading
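Review bot: The new class Javadoc names four setters but does not say what each one checks, so a reader cannot tell why all four are recommended together or what remains unprotected when one is omitted. The second item also describes the argument of `setProjectionMap` as a "list of queryable columns", while the sample in ContentProvider.java passes a map; `<li>{@link #setProjectionMap} with a map containing only the queryable columns.` would match the API. The items are sentence fragments ("setStrict true"), and `<li>Call {@link #setStrict} with {@code true}.` reads more clearly. I would also add one sentence after the list stating that these settings validate the structure of client-supplied fragments and that client-supplied values should still be passed as bound selection arguments rather than concatenated into the selection string.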