From 7594e51a1869557f461205a18e3d825d0283cbcd Mon Sep 17 00:00:00 2001
From: Cameron Gutman
Date: Wed, 6 Jan 2016 15:17:30 -0600
Subject: [PATCH] Fix SQL injection vulnerability and crashes when an apostrophe is present in a computer name
---
 .../java/com/limelight/computers/ComputerDatabaseManager.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/src/main/java/com/limelight/computers/ComputerDatabaseManager.java b/app/src/main/java/com/limelight/computers/ComputerDatabaseManager.java
index c5c5585d..d3d19867 100644
--- a/app/src/main/java/com/limelight/computers/ComputerDatabaseManager.java
+++ b/app/src/main/java/com/limelight/computers/ComputerDatabaseManager.java
@@ -53,7 +53,7 @@ public class ComputerDatabaseManager {
 }
 
 public void deleteComputer(String name) {
- computerDb.delete(COMPUTER_TABLE_NAME, COMPUTER_NAME_COLUMN_NAME+"='"+name+"'", null);
+ computerDb.delete(COMPUTER_TABLE_NAME, COMPUTER_NAME_COLUMN_NAME+"=?", new String[]{name});
 }
 
 public boolean updateComputer(ComputerDetails details) {
@@ -118,7 +118,7 @@ public class ComputerDatabaseManager {
 }
 
 public ComputerDetails getComputerByName(String name) {
- Cursor c = computerDb.rawQuery("SELECT * FROM "+COMPUTER_TABLE_NAME+" WHERE "+COMPUTER_NAME_COLUMN_NAME+"='"+name+"'", null);
+ Cursor c = computerDb.query(COMPUTER_TABLE_NAME, null, COMPUTER_NAME_COLUMN_NAME+"=?", new String[]{name}, null, null, null);
 ComputerDetails details = new ComputerDetails();
 if (!c.moveToFirst()) {
 // No matching computer
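Review bot: Binding `name` through `new String[]{name}` changes what a null name does in deleteComputer (this hunk) and getComputerByName (the second hunk): as far as I know SQLiteDatabase rejects a null element of selectionArgs with an IllegalArgumentException from the bind step, whereas the old concatenation produced `='null'` and simply matched nothing. If any caller can pass a null name, the failure now surfaces deep inside the database layer instead of at the method boundary. Making the precondition explicit at the top of both methods, `Objects.requireNonNull(name, "name");`, keeps the parameterized form (which is the right fix for the injection and the apostrophe crash) while giving a clear error at the call site. A short Javadoc on each method stating that `name` must be non-null and is matched exactly (SQLite `=` is case-sensitive, same as before) would document the contract. updateComputer's body lies outside this hunk and should be checked for any remaining concatenated selection strings.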
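Review bot: The Cursor returned by the new `computerDb.query(...)` line in getComputerByName must be closed on every path, and the hunk only shows the `if (!c.moveToFirst())` check with the no-match branch cut off, so I cannot confirm the cursor is closed there or on the match path. A leaked cursor is a separate source of crashes from the apostrophe one this commit fixes, so if the rest of the method does not already do so, wrapping everything after the query in `try { ... } finally { c.close(); }` (or try-with-resources, if the project's minimum API level supports it) would make the lifecycle explicit. getComputerByName's body continues outside the hunk.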