0

I have a sqlite database where all rows have a UUID as the primary key, the db column is defined as a BLOB.

The keys are inserted as byte[] instead of Strings to avoid wasting storage and index spaces. I can insert, update and delete rows using SQLiteDatabase.compileStatement and using bindBlob on the SQLiteStatement but I can't find anyway to bind a blob to the parameters of a SELECT query.

Both SQLiteDatabase.query and .rawQuery expects my WHERE arguments to be Strings which will never match my byte array blobs. I can find my row if I construct my WHERE manually using a BLOB literal like this:

final Cursor query = db.query(getTableName(),
                              getColumns(),
                              "id = X'" + bytesToHex(getByteArrayFromUUID(id)) + "'" ,
                              null,
                              null,
                              null,
                              null);

But then I am vulnerable to SQL injections...

In every other language I have used SQLite in this is not a problem, is there really no way to get a standard prepared SELECT statement with android SQLite?

Improve this question

1 Answer 1

Reset to default
1

Most of the APIs in Android sqlite expect the parameter to be strings.

You can use compileStatement() to prepare your query and then use bindBlob() to bind a blob argument to it. Getting useful results out from the query is not easy though, SQLiteStatement has methods for only a few 1x1 result sets.

On the other hand, using a blob as a key doesn't seem like a good idea.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

compileStatement() does not return a response / cursor so it can't be used to execute SELECT queries.
"On the other hand, using a blob as a key doesn't seem like a good idea." The client have to generate a unique ID without talking to the server so we can't use a INT id, instead we use a UUID. We can store the UUID as TEXT but that will just waste space since the binary BLOB representation only occupies 16 bytes.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.