Chapter 14 SQLite Databases
You may be wondering why you are not putting uuidString directly into the where clause. That would
be a bit simpler than using ? and passing it in as a String[], after all.
The answer is that in some cases your String might itself contain SQL code. If you put that String
directly in your query, that code could change the meaning of your query, or even alter your database.
This is called a SQL injection attack, and it is a bad thing indeed.
If you use ?, though, your code will do what you intended: treat it as a String value, not code. So it is
best to be safe and use ? as a matter of habit, because it will always do what you intend no matter what
the String contains.
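To see the difference the ? placeholder makes, here is an added example (not from the book) that runs the same two query styles against an in-memory SQLite database with Python's sqlite3 module, which binds ? arguments the same way Android's whereArgs does. The crimes table and its column names are a constructed stand-in, not the book's schema.

```python
import sqlite3
import uuid


def make_db():
    """Constructed in-memory table standing in for the crimes table (assumed columns)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE crimes (uuid TEXT, title TEXT)")
    rows = [(str(uuid.uuid4()), "Crime #%d" % i) for i in range(3)]
    db.executemany("INSERT INTO crimes (uuid, title) VALUES (?, ?)", rows)
    return db, rows


def query_concatenated(db, uuid_string):
    """The pattern the text warns against: the String becomes part of the SQL text."""
    where = "uuid = '" + uuid_string + "'"
    return db.execute("SELECT title FROM crimes WHERE " + where).fetchall()


def query_parameterized(db, uuid_string):
    """The pattern the text recommends: ? is a placeholder and the value is bound
    separately, so SQLite never parses it as SQL (this is what whereArgs does)."""
    return db.execute(
        "SELECT title FROM crimes WHERE uuid = ?", (uuid_string,)
    ).fetchall()


def demonstrate():
    """Return how many rows each query style matches for an honest and a hostile value."""
    db, rows = make_db()
    honest = rows[0][0]
    # Not a UUID at all: a String that happens to contain SQL syntax.
    hostile = "x' OR 'a'='a"
    return {
        "concat_honest": len(query_concatenated(db, honest)),
        "concat_hostile": len(query_concatenated(db, hostile)),  # whole table leaks
        "param_honest": len(query_parameterized(db, honest)),
        "param_hostile": len(query_parameterized(db, hostile)),  # matches nothing
    }


if __name__ == "__main__":
    print(demonstrate())
```

With concatenation the hostile String rewrites the where clause and every row comes back; with ? it is compared as a literal value and matches nothing.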
Crime instances get modified in CrimeFragment and will need to be written out when CrimeFragment
is done. Add an override to CrimeFragment.onPause() that updates CrimeLab’s copy of your Crime.
Listing 14.11 Pushing updates (CrimeFragment.java)
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        UUID crimeId = (UUID) getArguments().getSerializable(ARG_CRIME_ID);
        mCrime = CrimeLab.get(getActivity()).getCrime(crimeId);
    }

    @Override
    public void onPause() {
        super.onPause();
        // Write the edited Crime back to CrimeLab before the fragment goes away
        CrimeLab.get(getActivity())
                .updateCrime(mCrime);
    }
Sadly, you have no way of verifying that this code works. That will need to wait until you can read in
the crimes you updated. To make sure that everything compiles correctly, run CriminalIntent one more
time before moving on to the next section. You should see a blank list.