10

You can delete with content resolver by URI or by passing some parameters to the where parameter.

How do you make the parameters to be SQL Injection Safe?
Is it possible to use Prepared Statements with ContentResolver?

act.getContentResolver().delete(myuriwithid,null,null);

act.getContentResolver().delete(mybaseuri," name = '"+this.name"'",null);
Sam
  • 6,961
  • 15
  • 44
  • 63
Pentium10
  • 190,605
  • 114
  • 394
  • 474

1 Answers1

18

Use positional parameters.

public final int delete (Uri url, String where, String[] selectionArgs)

e.g.

ContentResolver cr = ...;
String where = "nameid=?";
String[] args = new String[] { "george" };
cr.delete( Stuff.CONTENT_URI, where, args );
Gavin Bong
  • 786
  • 1
  • 6
  • 6
  • I don't know. If you don't trust it, you can use SQLiteDatabase.execSQL( "delete .." ) and harden the query yourself. – Gavin Bong Feb 28 '10 at 03:12
  • By my tests it *seems* to be SQL injection safe, but I can't see it documented anywhere. – cprcrack Mar 21 '14 at 11:28
  • I just found some useful info, look for "SQL injection" in this page: https://developer.android.com/training/contacts-provider/retrieve-names.html – cprcrack Mar 27 '14 at 18:07