
Preferred way to update SQLite DB in Android

Developer https://www.devze.com 2023-02-13 22:37 Source: Internet

Which way to use db.update is faster and better in Android? I.e., construct the entire where clause string along with where clause variable values, OR make use of the 4th parameter for update by passing where clause variable values as a string array?

Does passing where clause variable values as a new string array protect against SQL injection attacks?

  public boolean UpdateChannelSortKey(Channel c)
  {
        ContentValues cv = new ContentValues();
        cv.put("SortKey", c.SortKey);
        // The where-clause value is bound through the 4th parameter (whereArgs).
        return this.db.update("Channels", cv, "ChannelID = ?", new String[]{String.valueOf(c.ChannelID)}) > 0;
  }

OR

  public boolean UpdateChannelSortKey(Channel c)
  {
        ContentValues cv = new ContentValues();
        cv.put("SortKey", c.SortKey);
        // The where-clause value is concatenated into the SQL string; no whereArgs.
        return this.db.update("Channels", cv, "ChannelID = " + c.ChannelID, null) > 0;
  }


The first way is preferable, because:

1) Yes, it protects against SQL injection attacks.

2) It is better to always use prepared statements, not only in Android, so you will acquire a good habit.

3) IMHO, it has higher readability.
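
The difference between the two forms in the question, as an added example that is not part of the original post: it uses Python's built-in sqlite3 module as a stand-in for Android's SQLiteDatabase (both sit on SQLite and use the same `?` binding), and it assumes the channel ID arrives as an untrusted string. The table rows and the hostile value are constructed sample data.

```python
import sqlite3

def make_db():
    """In-memory Channels table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Channels (ChannelID INTEGER, SortKey INTEGER)")
    db.executemany("INSERT INTO Channels VALUES (?, ?)", [(1, 10), (2, 20), (3, 30)])
    return db

def update_concatenated(db, channel_id, sort_key):
    """Second form in the question: the ID becomes part of the SQL text."""
    sql = "UPDATE Channels SET SortKey = ? WHERE ChannelID = " + channel_id
    return db.execute(sql, (sort_key,)).rowcount

def update_bound(db, channel_id, sort_key):
    """First form in the question: '?' placeholder, ID passed as a bound value."""
    sql = "UPDATE Channels SET SortKey = ? WHERE ChannelID = ?"
    return db.execute(sql, (sort_key, channel_id)).rowcount

def sort_keys(db):
    """Current SortKey of every row, ordered by ChannelID."""
    return [r[0] for r in db.execute("SELECT SortKey FROM Channels ORDER BY ChannelID")]

def demo():
    # Constructed hostile input: assumed to reach the update as a string.
    hostile = "1 OR 1=1"

    db = make_db()
    n_concat = update_concatenated(db, hostile, 99)  # parsed as SQL: matches every row
    after_concat = sort_keys(db)

    db = make_db()
    n_bound = update_bound(db, hostile, 99)          # compared as one value: matches nothing
    after_bound = sort_keys(db)

    return n_concat, after_concat, n_bound, after_bound

if __name__ == "__main__":
    print(demo())
```

A bound string such as "2" still matches the integer ChannelID 2 because SQLite applies the column's numeric affinity to the comparison, which is why the String[] in the first form works against an integer column.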
