
This question already has an answer here:

String[] whereArgs is also present in the update function of the SQLiteDatabase class; what does it depict? I've read the documentation but I'm not getting it. Please help. Thanks in advance!


marked as duplicate by Brian Roach, tbodt, Eran, Raghav Sood, Nirk Aug 19 '13 at 0:38

This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.

2 Answers

up vote 7 down vote accepted

As the documentation says, it's used for ? markers in your query string. For example, you might use this:

// db is an open SQLiteDatabase instance; delete() is an instance method
db.delete("users", "user_name = ?", new String[] {"Talib"});

The use of parameter markers is very important for avoiding SQL injection. For example,

db.delete("users", "user_name = ?", new String[] {"' OR '' = '"});

will not delete all rows of your table, but if you naively did

db.delete("users", "user_name = '" + userName + "'", null);

and userName was set to "' OR '' = '", that would indeed nuke your whole table.

share|improve this answer

If your whereClause is of the form somecolumn=?, the first element out of whereArgs will be used to replace the ?. These are called positional parameters. The advantage of using positional parameters is that SQLite will handle quoting the string, escaping any embedded quotes, etc.

share|improve this answer
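An added example, not from either answer: it uses Python's built-in sqlite3 module instead of the Android API so it runs anywhere, and executes the concatenated and the parameterized delete against SQLite with the `' OR '' = '` value from the first answer. It goes slightly further with a name containing an apostrophe and an update with several ? markers; the sample rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; table and column names follow the answers above.
ROWS = [("Talib", "Pune"), ("O'Brien", "Cork"), ("Alice", "Oslo")]
PAYLOAD = "' OR '' = '"  # the value quoted in the first answer


def fresh_db():
    """Return an in-memory database holding the three sample users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_name TEXT, city TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return db


def delete_concatenated(db, user_name):
    """Vulnerable form: the value is spliced into the SQL text."""
    db.execute("DELETE FROM users WHERE user_name = '" + user_name + "'")


def delete_bound(db, user_name):
    """Parameterized form: the value is bound to the ? marker as data only."""
    db.execute("DELETE FROM users WHERE user_name = ?", (user_name,))


def update_city(db, new_city, user_name, old_city):
    """Several markers: arguments are matched to the ? markers left to right."""
    db.execute(
        "UPDATE users SET city = ? WHERE user_name = ? AND city = ?",
        (new_city, user_name, old_city),
    )


def run_case(action, *args):
    """Apply one action to a fresh database; return surviving names or the error type."""
    db = fresh_db()
    try:
        action(db, *args)
    except sqlite3.Error as exc:
        return type(exc).__name__
    return [r[0] for r in db.execute("SELECT user_name FROM users ORDER BY rowid")]


if __name__ == "__main__":
    for action in (delete_concatenated, delete_bound):
        for value in (PAYLOAD, "O'Brien"):
            print(action.__name__, repr(value), "->", run_case(action, value))
```

With the concatenated form the payload empties the table and the apostrophe in O'Brien breaks the statement; with the bound form the payload matches no row and O'Brien is deleted as intended.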
