r4sas
/
lightning-i2p
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity
Browse Source

Properly escape query strings, fixed crash

master
Anthony Restaino 8 years ago
parent
a0ae42dbb9
commit
cb065d0812
1 changed files with 13 additions and 9 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 8
      app/src/main/java/acr/browser/lightning/database/HistoryDatabase.java

8
app/src/main/java/acr/browser/lightning/database/HistoryDatabase.java
Unescape View File

@ -6,8 +6,10 @@ package acr.browser.lightning.database; @@ -6,8 +6,10 @@ package acr.browser.lightning.database;
import android.content.ContentValues;
import android.content.Context;
import android.database.Cursor;
import android.database.DatabaseUtils;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteOpenHelper;
import android.database.sqlite.SQLiteQuery;
import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
@ -151,8 +153,10 @@ public class HistoryDatabase extends SQLiteOpenHelper { @@ -151,8 +153,10 @@ public class HistoryDatabase extends SQLiteOpenHelper {
if (search == null) {
return itemList;
}
String selectQuery = "SELECT * FROM " + TABLE_HISTORY + " WHERE " + KEY_TITLE + " LIKE '%"
+ search + "%' OR " + KEY_URL + " LIKE '%" + search + "%' " + "ORDER BY "
search = DatabaseUtils.sqlEscapeString('%' + search + '%');
String selectQuery = "SELECT * FROM " + TABLE_HISTORY + " WHERE " + KEY_TITLE + " LIKE "
+ search + " OR " + KEY_URL + " LIKE " + search + " ORDER BY "
+ KEY_TIME_VISITED + " DESC LIMIT 5";
Cursor cursor = mDatabase.rawQuery(selectQuery, null);

Write Preview
Loading…
Cancel
Save