rawQuery vs. database.query

2023-09-04 11:05:48 Author: 仗剑走江湖

Are there any advantages in using rawQuery over the Query Builder (or vice versa)?

Does the Query Builder, for example, protect against SQL Injection attacks (while not as big a problem as with web sites, SQL Injection + a content provider could be an issue)? Or is one faster than the other?

I'm fairly happy with SQL (enough for what I need to do anyway) and so I tend to go for rawQuery (I can read the source code easier), but I'm just wondering if I'm missing something that could be useful.

Recommended answer

It's definitely preferred to build a query through the methods provided. Not only does it protect you from SQL injections, it also builds the query for you so you can avoid having a whole bunch of string concatenations that will make the query string less readable and more error-prone. Performance-wise, I don't think it makes much difference.
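
An added example, not part of the original question or answer: on Android's `SQLiteDatabase`, both `query()` and `rawQuery()` accept bound arguments, and the injection protection comes from using `?` placeholders with `selectionArgs` rather than from which method is called. The table `notes` and the columns `_id`, `title` and `owner` are assumed names for illustration.

```java
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;

/** Illustration only; "notes", "_id", "title" and "owner" are assumed names. */
public final class NoteLookup {
    private NoteLookup() {}

    // WEAK: query() does not help when the caller-supplied value is
    // concatenated into the selection string; it becomes part of the SQL text.
    static Cursor byOwnerConcatenated(SQLiteDatabase db, String owner) {
        return db.query("notes", new String[] {"_id", "title"},
                "owner = '" + owner + "'",
                null, null, null, "title ASC");
    }

    // SAFE: query() with a ? placeholder; the value is bound as data and is
    // never parsed as SQL.
    static Cursor byOwnerQuery(SQLiteDatabase db, String owner) {
        return db.query("notes", new String[] {"_id", "title"},
                "owner = ?", new String[] {owner},
                null, null, "title ASC");
    }

    // SAFE: rawQuery() takes the same bound arguments, so hand-written SQL
    // can be just as resistant to injection.
    static Cursor byOwnerRaw(SQLiteDatabase db, String owner) {
        return db.rawQuery(
                "SELECT _id, title FROM notes WHERE owner = ? ORDER BY title ASC",
                new String[] {owner});
    }
}
```

In a content provider, the `selection` string itself arrives from the calling app as SQL text, so values should travel only through `selectionArgs` and the selection should be treated as untrusted input.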