I am currently working with the DIVA application for Android. One of the tasks that I need to do is turning a line of code into a prepared statement to protect it against SQL injection. Could somebody help me please or just give me some instructions? I have tried doing it on my own, although I'm not familiar with Java at all. I understand the idea of a prepared statement, but I am new to programming and I find it hard to implement it in my code.
public void search(View paramView)
{
    // Decompiled code: 2131493017 is the numeric resource ID of the input field.
    EditText localEditText = (EditText)findViewById(2131493017);
    try
    {
        // Vulnerable line: the text typed by the user is concatenated straight into
        // the SQL string, so any quote characters in the input become part of the
        // query. The second argument of rawQuery (selectionArgs) is null here; that
        // is where bound parameters for a '?' placeholder would normally be passed.
        Cursor localCursor = this.mDB.rawQuery("SELECT * FROM sqliuser WHERE user ='" + localEditText.getText().toString() + "'", null);
        StringBuilder localStringBuilder = new StringBuilder("");
        if (localCursor != null && localCursor.getCount() > 0)
        {