diff --git a/src/org/fdroid/fdroid/DB.java b/src/org/fdroid/fdroid/DB.java
index 8e8f37909..e108c6ec1 100644
--- a/src/org/fdroid/fdroid/DB.java
+++ b/src/org/fdroid/fdroid/DB.java
@@ -417,8 +417,9 @@ public class DB {
 // key in sqlite - table must be recreated)
 if (oldVersion < 20) {
 List oldrepos = new ArrayList();
- Cursor c = db.rawQuery("select address, inuse, pubkey from "
- + TABLE_REPO, null);
+ Cursor c = db.query(TABLE_REPO,
+ new String[] { "address", "inuse", "pubkey" },
+ null, null, null, null, null);
 c.moveToFirst();
 while (!c.isAfterLast()) {
 Repo repo = new Repo();
@@ -525,8 +526,8 @@ public class DB {
 List result = new ArrayList();
 Cursor c = null;
 try {
- c = db.rawQuery("select distinct category from " + TABLE_APP
- + " order by category", null);
+ c = db.query(true, TABLE_APP, new String[] { "category" },
+ null, null, null, null, "category", null);
 c.moveToFirst();
 while (!c.isAfterLast()) {
 String s = c.getString(0);
@@ -1017,8 +1018,8 @@ public class DB {
 values.put("compatible", upapk.compatible ? 1 : 0);
 if (oldapk != null) {
 db.update(TABLE_APK, values,
- "id = ? and vercode = " + Integer.toString(oldapk.vercode),
- new String[] { oldapk.id });
+ "id = ? and vercode = ?",
+ new String[] { oldapk.id, Integer.toString(oldapk.vercode) });
 } else {
 db.insert(TABLE_APK, null, values);
 }
@@ -1031,7 +1032,7 @@ public class DB {
 try {
 c = db.query(TABLE_REPO, new String[] { "address", "inuse", "priority", "pubkey", "lastetag" },
- "id = " + Integer.toString(id), null, null, null, null);
+ "id = ?", new String[] { Integer.toString(id) }, null, null, null);
 if (!c.moveToFirst())
 return null;
 Repo repo = new Repo();
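Review bot: In the `oldVersion < 20` migration hunk (`@@ -417`), the cursor from `db.query(TABLE_REPO, …)` is assigned inline and iterated with no visible `try`, whereas the other converted call sites in this commit declare `Cursor c = null; try {` first. Whether `c.close()` follows the loop cannot be seen, because the block continues past the hunk. If it is not closed on every path, an exception thrown while copying the old repo rows during the upgrade would leak the cursor. Consider the same guard here, ending in `finally { if (c != null) c.close(); }`.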
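Review bot: The bare `true` that opens `db.query(true, TABLE_APP, …)` in the category hunk (`@@ -525`) is the `distinct` flag, and it is easy to misread among nine positional arguments, five of them `null`. An inline annotation keeps the intent of the old `select distinct` visible: `c = db.query(/* distinct */ true, TABLE_APP, new String[] { "category" },`. The enclosing method starts and ends outside the hunk.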
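Review bot: In the `db.update(TABLE_APK, …)` hunk (`@@ -1017`), `vercode` now travels through the `String[]` selection arguments, which Android binds as text, so `vercode = ?` compares the column against a string value. SQLite converts that value for the comparison only when the column is declared with integer or numeric affinity, and the table definition is not visible in this diff. The same applies to `"id = ?"` with `Integer.toString(id)` in the `@@ -1031` hunk. It is worth confirming both against the CREATE TABLE statements and recording the dependency with a comment such as `// selectionArgs bind as TEXT; relies on vercode having integer affinity`.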
@@ -1053,9 +1054,9 @@ public class DB {
 List repos = new ArrayList();
 Cursor c = null;
 try {
- c = db.rawQuery(
- "select id, address, inuse, priority, pubkey, lastetag from "
- + TABLE_REPO + " order by priority", null);
+ c = db.query(TABLE_REPO, new String[] { "id", "address", "inuse",
+ "priority", "pubkey", "lastetag" },
+ null, null, null, null, "priority");
 c.moveToFirst();
 while (!c.isAfterLast()) {
 Repo repo = new Repo();
@@ -1120,8 +1121,9 @@ public class DB {
 // connected to it...
 Cursor c = null;
 try {
- c = db.rawQuery("select id from " + TABLE_REPO
- + " where address = '" + address + "'", null);
+ c = db.query(TABLE_REPO, new String[] { "id" },
+ "address = ?", new String[] { address },
+ null, null, null, null);
 c.moveToFirst();
 if (!c.isAfterLast()) {
 db.delete(TABLE_APK, "repo = ?",
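Review bot: The `address` lookup in the `@@ -1120` hunk carries no comment recording why the value must stay bound, yet it is the only converted site in this commit where a string was previously quoted directly into the SQL text. A line above the call such as `// address is bound, never concatenated: it may contain quote characters` would guard against a later revert to string building. Separately, the call passes four trailing `null`s and so resolves to the eight-argument overload with `limit`, while the other converted `TABLE_REPO` queries use the seven-argument form; dropping the last `null` would keep them uniform. The enclosing method continues past the end of the hunk.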