The Android application is already developed using ActiveAndroid:

    public static List<ModelNames> search(String pattern) {
        return new Select().from(ModelNames.class)
                .where("title LIKE '%" + pattern + "%' or content LIKE '%" + pattern + "%'")
                .orderBy("title")
                .execute();
    }

Now it's prone to SQL injection.
Has anyone faced a similar problem and found a solution, or could anyone provide a solution for the same?
Found an issue on GitHub, but could not get a proper solution.

The examples on the website show how to use placeholders:
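
    public static List<ModelNames> search(String pattern) {
        // The wildcards go into the bound value, not into the SQL text.
        pattern = "%" + pattern + "%";
        return new Select().from(ModelNames.class)
                // Each ? is bound as data, so the input cannot change the query structure.
                .where("title LIKE ? or content LIKE ?", pattern, pattern)
                .orderBy("title")
                .execute();
    }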
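
With placeholders the input can no longer alter the query, but any % or _ the user types is still interpreted by LIKE as a wildcard. The following added example (not part of the original answer or the ActiveAndroid documentation) escapes those characters and uses SQLite's ESCAPE clause; the class name ModelSearch and the helper escapeLike are hypothetical, and ModelNames is the model from the question.

```java
import com.activeandroid.query.Select;
import java.util.Collections;
import java.util.List;

// Hypothetical helper class; ModelNames is the model class from the question.
public final class ModelSearch {
    private ModelSearch() {}

    // Escape the LIKE metacharacters so user input is matched literally.
    // The backslash is handled first so that the escapes added for % and _
    // are not themselves escaped a second time.
    static String escapeLike(String input) {
        return input
                .replace("\\", "\\\\")
                .replace("%", "\\%")
                .replace("_", "\\_");
    }

    public static List<ModelNames> search(String pattern) {
        // Assumption for this example: a null search term returns no rows.
        if (pattern == null) {
            return Collections.emptyList();
        }
        // Only the surrounding wildcards added here remain active.
        String like = "%" + escapeLike(pattern) + "%";
        return new Select().from(ModelNames.class)
                // '\\' in Java source is the one-character SQL literal '\',
                // declared to SQLite as the escape character for each LIKE.
                .where("title LIKE ? ESCAPE '\\' OR content LIKE ? ESCAPE '\\'",
                        like, like)
                .orderBy("title")
                .execute();
    }
}
```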