-3

I am currently working with the DIVA application for Android. One of the tasks I need to do is turn a line of code into a prepared statement to protect it against SQL injection. Could somebody help me please, or just give me some instructions? I have tried doing it on my own, although I'm not familiar with Java at all. I understand the idea of a prepared statement, but I am new to programming and I find it hard to implement it in my code.

public void search(View paramView)
{
    EditText localEditText = (EditText)findViewById(2131493017);
    try
    {
        Cursor localCursor = this.mDB.rawQuery("SELECT * FROM sqliuser WHERE user ='" + localEditText.getText().toString()+"'", null);
        StringBuilder localStringBuilder = new StringBuilder("");
        if (localCursor != null && localCursor.getCount() > 0)
        {
prez

1 Answer

0
// Bind the user input as a parameter instead of concatenating it into the SQL string.
// getText() returns an Editable, so it must be converted with toString() to fit String[].
mDB.rawQuery("SELECT * FROM sqliuser WHERE user = ?",
            new String[] { localEditText.getText().toString() });
Joop Eggen
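A complete parameterized version of the `search` method from the question, as an added example that is not code from the DIVA project or from the answer's author. The view id, the `sqliuser` table and the `user` column are taken from the question; the way results are rendered (all columns of each row shown in a Toast) and the log tag are assumptions.

```java
import android.database.Cursor;
import android.util.Log;
import android.view.View;
import android.widget.EditText;
import android.widget.Toast;

// Parameterized replacement for the vulnerable search() in the question.
// The user-supplied text never becomes part of the SQL string: it is passed
// as a bound argument, so quotes in the input cannot alter the query's structure.
public void search(View paramView) {
    // Numeric id comes from the decompiled code in the question; in source you would use R.id.<name>.
    EditText localEditText = (EditText) findViewById(2131493017);
    // getText() returns an Editable, not a String, hence the toString() call.
    String user = localEditText.getText().toString();

    Cursor localCursor = null;
    try {
        // '?' is a placeholder; SQLite binds selectionArgs[0] as a literal string value.
        localCursor = this.mDB.rawQuery(
                "SELECT * FROM sqliuser WHERE user = ?",
                new String[] { user });

        StringBuilder localStringBuilder = new StringBuilder("");
        if (localCursor != null && localCursor.getCount() > 0) {
            while (localCursor.moveToNext()) {
                // Column layout is an assumption: append every column of each matching row.
                for (int i = 0; i < localCursor.getColumnCount(); i++) {
                    localStringBuilder.append(localCursor.getString(i)).append(' ');
                }
                localStringBuilder.append('\n');
            }
            Toast.makeText(this, localStringBuilder.toString(), Toast.LENGTH_SHORT).show();
        } else {
            Toast.makeText(this, "User not found", Toast.LENGTH_SHORT).show();
        }
    } catch (Exception e) {
        // Log only the exception message, not the query or the raw input.
        Log.e("SQLI", "Search failed: " + e.getMessage());
    } finally {
        if (localCursor != null) {
            localCursor.close(); // always release the cursor, even on error
        }
    }
}
```

The same binding is available through `SQLiteDatabase.query("sqliuser", null, "user = ?", new String[] { user }, null, null, null)`, which avoids hand-written SQL entirely.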