Parameterize SQL queries

Also eliminate most calls to SQLiteDatabase.rawQuery.
Andrew Gaul 2013-05-27 16:54:56 -07:00
parent 020cac971f
commit d6f643cb4d


@ -417,8 +417,9 @@ public class DB {
// key in sqlite - table must be recreated)
if (oldVersion < 20) {
List<Repo> oldrepos = new ArrayList<Repo>();
Cursor c = db.rawQuery("select address, inuse, pubkey from "
+ TABLE_REPO, null);
Cursor c = db.query(TABLE_REPO,
new String[] { "address", "inuse", "pubkey" },
null, null, null, null, null);
c.moveToFirst();
while (!c.isAfterLast()) {
Repo repo = new Repo();
@ -525,8 +526,8 @@ public class DB {
List<String> result = new ArrayList<String>();
Cursor c = null;
try {
c = db.rawQuery("select distinct category from " + TABLE_APP
+ " order by category", null);
c = db.query(true, TABLE_APP, new String[] { "category" },
null, null, null, null, "category", null);
c.moveToFirst();
while (!c.isAfterLast()) {
String s = c.getString(0);
@ -1017,8 +1018,8 @@ public class DB {
values.put("compatible", upapk.compatible ? 1 : 0);
if (oldapk != null) {
db.update(TABLE_APK, values,
"id = ? and vercode = " + Integer.toString(oldapk.vercode),
new String[] { oldapk.id });
"id = ? and vercode = ?",
new String[] { oldapk.id, Integer.toString(oldapk.vercode) });
} else {
db.insert(TABLE_APK, null, values);
}
@ -1031,7 +1032,7 @@ public class DB {
try {
c = db.query(TABLE_REPO, new String[] { "address", "inuse",
"priority", "pubkey", "lastetag" },
"id = " + Integer.toString(id), null, null, null, null);
"id = ?", new String[] { Integer.toString(id) }, null, null, null);
if (!c.moveToFirst())
return null;
Repo repo = new Repo();
@ -1053,9 +1054,9 @@ public class DB {
List<Repo> repos = new ArrayList<Repo>();
Cursor c = null;
try {
c = db.rawQuery(
"select id, address, inuse, priority, pubkey, lastetag from "
+ TABLE_REPO + " order by priority", null);
c = db.query(TABLE_REPO, new String[] { "id", "address", "inuse",
"priority", "pubkey", "lastetag" },
null, null, null, null, "priority");
c.moveToFirst();
while (!c.isAfterLast()) {
Repo repo = new Repo();
@ -1120,8 +1121,9 @@ public class DB {
// connected to it...
Cursor c = null;
try {
c = db.rawQuery("select id from " + TABLE_REPO
+ " where address = '" + address + "'", null);
c = db.query(TABLE_REPO, new String[] { "id" },
"address = ?", new String[] { address },
null, null, null, null);
c.moveToFirst();
if (!c.isAfterLast()) {
db.delete(TABLE_APK, "repo = ?",
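Review bot: The rewritten update selection `"id = ? and vercode = ?"` changes how vercode is compared: selectionArgs are always bound as text, whereas the old `vercode = 123` was a numeric literal in the SQL. SQLite converts the bound string back to an integer before comparing only if the vercode column was declared with INTEGER affinity; the schema is not visible in this diff, so please confirm it is, otherwise the update silently matches no rows and the new apk row is never refreshed. A one-line comment would spare the next reader the same question: `// vercode is bound as text; correct only because the column has INTEGER affinity`. The method containing this update starts and ends outside the hunk, as does the onUpgrade body around the first hunk, where the new `Cursor c` is opened without the try/finally the other hunks use — worth checking it is closed further down.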