make sure no more than 1 sql statement is executed in execSQL()

ito address bug # 2256110.
diff --git a/tests/tests/database/src/android/database/sqlite/cts/SQLiteDatabaseTest.java b/tests/tests/database/src/android/database/sqlite/cts/SQLiteDatabaseTest.java
index 0791bcd..453aeda 100644
--- a/tests/tests/database/src/android/database/sqlite/cts/SQLiteDatabaseTest.java
+++ b/tests/tests/database/src/android/database/sqlite/cts/SQLiteDatabaseTest.java
@@ -648,6 +648,31 @@
             fail("should throw SQLException.");
         } catch (SQLException e) {
         }
+
+        // make sure execSQL can't be used to execute more than 1 sql statement at a time
+        mDatabase.execSQL("UPDATE test SET age = 40 WHERE name = 'Mike';" + 
+                "UPDATE test SET age = 50 WHERE name = 'Mike';");
+        // age should be updated to 40 not to 50
+        cursor = mDatabase.query(TABLE_NAME, TEST_PROJECTION, null, null, null, null, null);
+        assertNotNull(cursor);
+        assertEquals(1, cursor.getCount());
+        cursor.moveToFirst();
+        assertEquals("Mike", cursor.getString(COLUMN_NAME_INDEX));
+        assertEquals(40, cursor.getInt(COLUMN_AGE_INDEX));
+        assertEquals("LA", cursor.getString(COLUMN_ADDR_INDEX));
+        cursor.close();
+
+        // make sure sql injection is NOT allowed or has no effect when using query()
+        String harmfulQuery = "name = 'Mike';UPDATE test SET age = 50 WHERE name = 'Mike'";
+        cursor = mDatabase.query(TABLE_NAME, TEST_PROJECTION, harmfulQuery, null, null, null, null);
+        assertNotNull(cursor);
+        assertEquals(1, cursor.getCount());
+        cursor.moveToFirst();
+        assertEquals("Mike", cursor.getString(COLUMN_NAME_INDEX));
+        // row's age column SHOULD NOT be 50
+        assertEquals(40, cursor.getInt(COLUMN_AGE_INDEX));
+        assertEquals("LA", cursor.getString(COLUMN_ADDR_INDEX));
+        cursor.close();;
     }
 
     @TestTargetNew(