Hi, Mark!

hello, Steve!

how can I help you today?

I wanted to follow up our chat a couple of days ago

I've looked at the database code in EmPubLite and noticed you use raw SQL

Are there good use cases for SQLQueryBuilder and ContentValues, or should I generally prefer raw SQL?

well, ContentValues is dictated more by the operation -- you use that for INSERT and UPDATE

ok

whereas you don't use that for SELECT or other queries, simply because SQLiteDatabase doesn't

right, i get that

with respect to SQLiteQueryBuilder, I'm not a huge fan, outside of perhaps a ContentProvider implementation, but you're welcome to use it

or, use an ORM or ORM-esque layer, like Room from the Architecture Components

ok

(though Room is still an alpha)

i thought maybe SQLiteQueryBuilder would have security advantages over raw SQL (for instance, preventing SQL injection)

no more than positional parameters (the ? stuff) do

ok

SQL injection isn't really a thing for local UIs

ok

if the user wishes to execute a Little Bobby Tables attack against her own copy of the app, that user is slightly deranged, but it's her choice

SQL injection is a much bigger deal when the data is coming from semi-arbitrary outside parties

SQLite's positional parameters aren't designed to deal with SQL injection, but they do a pretty good job of addressing it anyway

ok. it's certainly simpler to go with raw SQL, so I'll look into taking that route

no more questions today. i appreciate your help. thank you!

you're welcome!

have a good rest of the day!

I wish you luck in surviving the zombie apocalypse that Monday's eclipse will surely bring!

thanks for bringing that to me attention! i'll try to get all my Android questions answered before then!