On Thu, Apr 26, 2012 at 12:46 AM, Justin Anderson <magouyaw...@gmail.com> wrote: > You ALWAYS need to guard against SQL injection attacks if you are forming > your query based on user input...
If that "user input" might come from another program, yes (e.g., exported ContentProvider). If the only way queries are executed against your database is via your own UI, a user will be far more likely to simply root their device and get the database that way than to fumble their way through SQL injection on a touchscreen, IMHO. -- Mark Murphy (a Commons Guy) http://commonsware.com | http://github.com/commonsguy http://commonsware.com/blog | http://twitter.com/commonsguy Android Training in NYC: http://marakana.com/training/android/ -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
