SQL_Injection issue exists @ app/src/main/java/jakhar/aseem/diva/SQLInjectionActivity.java in branch master
Method search at line 66 of app\src\main\java\jakhar\aseem\diva\SQLInjectionActivity.java gets user input from the getText element. This element’s value then flows through the code without being properly sanitized or validated, and is eventually used in a database query in method search at line 66 of app\src\main\java\jakhar\aseem\diva\SQLInjectionActivity.java. This may enable an SQL Injection attack.
Severity: High
CWE: 89
Lines: 70
Code (Line #70):
cr = mDB.rawQuery("SELECT * FROM sqliuser WHERE user = '" + srchtxt.getText().toString() + "'", null);