The SQLiteDataBase.insert (String, String, ContentValues) convenience method accepts a ContentValues object that contains all the values โโof the column column that will be inserted into the database. If I use the ContentValues.put() methods to create a ContentValues object to be inserted into the database, does either put() or insert() sanitize the input, or do I need to do it myself?
ContentValues
ContentValues.put()
put()
insert()
Yes, it will protect you from injections. In the source, can you see that insertWithOnConflict (which is called by insert ) uses correctly ? place-holder in SQLiteStatement .
insertWithOnConflict
insert
?
SQLiteStatement
% W will sanitize it with double quotes, but how much sanitation do you want?