android - rawQuery Vs. database.query

Question

Are their any advantages in using rawQuery over the Query Builder (or vice versa)?

Does the Query Builder, for example, protect again SQL Injection attacks (While not a big a problem as with web sites, SQL Injection + a content provider could be an issue)? or is one faster than the other?

I'm fairly happy with SQL (enough for what I need to do anyway) and so I tend to go for rawQuery (I can read the source code easier), but I'm just wondering if I'm missing something that could be useful.

Answer 1

It's definitely preferred to build a query through the methods provided. Not only does it protect you from SQL injections, it also builds the query for you so you can avoid having a whole bunch of string concatenations that will make the query string less readable and more error prone. Performance-wise I don't think it makes much difference.