commit 17aa1b7ac799e308e3724f8c4170620c846dcc09
author Makoto Onuki <omakoto@google.com> Wed Dec 16 14:02:01 2015 -0800
committer Makoto Onuki <omakoto@google.com> Wed Dec 16 14:18:28 2015 -0800
tree 904c361ff2f32cd36d239d49b78b817161492c9c
parent 5ad34c3e5b2328d1dbecfb83c69f3fe44b9ff832

Add SQLiteDatabase.validateSql()

This API checks the SQL syntax by compiling it.  This is useful to
detect SQL injection, for example.

Change-Id: I956548a34f664950246856966e5601dcac3daf00

core/java/android/database/sqlite/SQLiteDatabase.java

diff --git a/core/java/android/database/sqlite/SQLiteDatabase.java b/core/java/android/database/sqlite/SQLiteDatabase.java
index 433d5d1c..50e7356 100644
--- a/core/java/android/database/sqlite/SQLiteDatabase.java
+++ b/core/java/android/database/sqlite/SQLiteDatabase.java
@@ -16,6 +16,8 @@
 
 package android.database.sqlite;
 
+import android.annotation.NonNull;
+import android.annotation.Nullable;
 import android.content.ContentValues;
 import android.database.Cursor;
 import android.database.DatabaseErrorHandler;
@@ -1683,6 +1685,21 @@
     }
 
     /**
+     * Verifies that a SQL SELECT statement is valid by compiling it.
+     * If the SQL statement is not valid, this method will throw a {@link SQLiteException}.
+     *
+     * @param sql SQL to be validated
+     * @param cancellationSignal A signal to cancel the operation in progress, or null if none.
+     * If the operation is canceled, then {@link OperationCanceledException} will be thrown
+     * when the query is executed.
+     * @throws SQLiteException if {@code sql} is invalid
+     */
+    public void validateSql(@NonNull String sql, @Nullable CancellationSignal cancellationSignal) {
+        getThreadSession().prepare(sql,
+                getThreadDefaultConnectionFlags(/* readOnly =*/ true), cancellationSignal, null);
+    }
+
+    /**
      * Returns true if the database is opened as read only.
      *
      * @return True if database is opened as read only.