Tags: android, sqlite, sql-injection

Android Studio SQLite: SQL injection possible with gestures?


I implemented an app using an SQLite database, and the data are stored in the background without any user interaction. The only point where the user is needed is when data are deleted with a gesture, and that is my question. Is it possible to make an SQL injection through a gesture, and if so, how can I prevent it?


Solution

  • If the user is not inputting text then SQL Injection is highly unlikely.

    However, if you use the convenience methods fully, and/or rawQuery or execSQL with the 2nd parameter, passing any values via the 2nd parameter, then the values will be bound, which protects against SQL injection.

    • This assumes that you are using the standard SQLiteDatabase as per the SDK.

    Examples of inserting rows

    This example uses execSQL (both forms) and the insert convenience method to demonstrate the principle of using bound arguments and, in the first example, of not using a bound argument.

    import android.content.ContentValues;
    import android.database.sqlite.SQLiteDatabase;

    theSQLitedatabase.execSQL("INSERT INTO mytable VALUES('" + userdata + "')"); //<<<<<< potential for injection: userdata is spliced into the SQL text
    
    theSQLitedatabase.execSQL("INSERT INTO mytable VALUES(?)", new String[]{userdata}); //<<<<< protects as value is bound by SQLite itself, never parsed as SQL
    
    /* Uses the convenience method that builds the SQL (as per 2nd example) and protects */
    ContentValues cv = new ContentValues(); // class name corrected from "Contentvalues"
    cv.put(the_column_name_as_a_string, userdata);
    theSQLitedatabase.insert("mytable", null, cv);
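Added example, not part of the answer above: the same two patterns (concatenated SQL versus bound arguments) run against Python's sqlite3 module, which drives the same SQLite engine as Android's SQLiteDatabase, so the binding behaviour is the same. It also covers the question's delete case: a DELETE whose WHERE value is concatenated in can be widened by a tautology, while the bound form treats the whole value as a literal. The table name, the extra `name` column, the helper names and the payload strings are constructed for illustration.

```python
import sqlite3

# Constructed schema: the answer's "mytable" with a "name" column so that a
# DELETE ... WHERE clause can be demonstrated (hypothetical, not the asker's app).
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE mytable (name TEXT)")
    con.executemany("INSERT INTO mytable VALUES (?)",
                    [("alice",), ("bob",), ("carol",)])
    con.commit()
    return con


def insert_concat(con, userdata):
    # Mirrors the answer's first execSQL call: the value becomes part of the SQL text,
    # so a quote inside it changes the statement's structure.
    con.execute("INSERT INTO mytable VALUES('" + userdata + "')")
    con.commit()


def insert_bound(con, userdata):
    # Mirrors the second execSQL call: the value is handed to SQLite as a bind
    # argument and is stored verbatim, quotes and all.
    con.execute("INSERT INTO mytable VALUES(?)", (userdata,))
    con.commit()


def delete_concat(con, name):
    # Vulnerable delete: a value such as  x' OR '1'='1  turns the WHERE clause
    # into a tautology and removes every row.  Returns the number of rows deleted.
    cur = con.execute("DELETE FROM mytable WHERE name = '" + name + "'")
    con.commit()
    return cur.rowcount


def delete_bound(con, name):
    # Hardened delete: the same payload is compared literally against "name",
    # matches nothing, and deletes nothing.
    cur = con.execute("DELETE FROM mytable WHERE name = ?", (name,))
    con.commit()
    return cur.rowcount


def names(con):
    return [row[0] for row in con.execute("SELECT name FROM mytable ORDER BY rowid")]


def run_demo():
    """Run both forms with constructed payloads and return the observed outcomes."""
    insert_payload = "x'),('pwned"      # closes the quote and adds a second row
    delete_payload = "x' OR '1'='1"     # makes the WHERE clause always true

    results = {}

    con = make_db()
    insert_concat(con, insert_payload)
    results["insert_concat"] = names(con)       # two rows added: 'x' and 'pwned'

    con = make_db()
    insert_bound(con, insert_payload)
    results["insert_bound"] = names(con)        # one row added, containing the raw payload

    con = make_db()
    results["delete_concat_rows"] = delete_concat(con, delete_payload)  # all 3 rows gone
    results["delete_concat_left"] = names(con)

    con = make_db()
    results["delete_bound_rows"] = delete_bound(con, delete_payload)    # 0 rows gone
    results["delete_bound_left"] = names(con)
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Both Android's execSQL and Python's `execute` run a single statement, so a `; DROP TABLE ...` style stacked query is rejected before it runs; the payloads above stay inside one statement, which is why they succeed against the concatenated form and fail against the bound one.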