...
I have had a difficult time getting the phonegap sql db operations to work properly, so I am trying to employ html5sql. Everything seems to work except for inserting variable values into a table. This is the code I'm testing with:
On Tuesday, June 28, 2016 at 10:27:22 PM UTC-5, Doc Jump wrote:
> Hello Kerri. I am more than pleased that someone has replied to my post. I have never had
> much success in getting answers here, but I didn't know where else to go. So here is a big
> THANK YOU to you!!
> However, yes I am familiar with the web page you referenced. In fact, I have spent more time
> than I care to admit staring at it. It does not go into the details of the INSERT statement and
> doesn't even mention the UPDATE statement which I need to use.
The library, as I see it, is intended as a wrapper around the Web SQL standard. The only implementation of that standard used SQLite, which is also what the third-party plugins for Cordova use. Given that Web SQL itself is deprecated, I'd suggest switching to one of the third-party plugins, but I suspect that the html5sql library would keel over if you did so.
For help regarding SQL as understood by SQLite, see https://www.sqlite.org/lang.html
An UPDATE SQL statement takes the form:
UPDATE table
SET field = ? [, ...]
[WHERE condition]
> You mentioned something about my syntax "'+glname+'" etc. but I found thru some other sites
> that this is appropriate for declaring variables to be stored in a db when not using the "?"s.
I don't know which sites gave you this information, but this is /never/, //ever// appropriate when using variables, because this practically guarantees that your app is subject to SQL Injection attacks. The reason is that any untrusted data could be built to escape the quotes and then execute additional queries, or even corrupt and delete data. (Furthermore, even if your variables contain only trusted data, you still have the problem of some data containing a quote that then makes that SQL statement invalid.)
For more on SQL Injection, read: https://www.owasp.org/index.php/SQL_Injection
In short, when you need to pass data to a SQL command, always, always, always, always use parameters ("?").
> When you talk about concatenation, are you referring to the fact that I tried to store all variable
> values in one statement to be inserted??
In this instance, concatenation refers to using "+" to build a SQL string. You should never mix SQL and untrusted data in this manner.
> The real kicker here is that the same code I showed herein works in another program. That is
> why I have been clinging to it for so long, but I will try your suggestion. Again, thanks so much!
Perhaps you had an older version of the html5sql library that behaved differently? Or there's additional processing going on that isn't evident from the documentation. Without seeing the code you used in the other program, it's difficult to say why. Since I'm not familiar with the library you're using, I'm just guessing as to why it might be failing -- and I may be completely wrong in that respect.
Personally, I'd dispense with this library and use one of the Cordova SQLite plugins (and syntax) directly. It's not much more difficult, and you won't have to fuss with a library that few people are going to be able to help with. But that's my two cents. :-) This [https://github.com/litehelpers/cordova-sqlite-ext] is the plugin that I use.
Hope that helps!
--
-- You received this message because you are subscribed to the Google
Groups "phonegap" group.
To post to this group, send email to phon...@googlegroups.com
To unsubscribe from this group, send email to
phonegap+u...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/phonegap?hl=en?hl=en
For more info on PhoneGap or to download the code go to www.phonegap.com
---
You received this message because you are subscribed to the Google Groups "phonegap" group.
To unsubscribe from this group and stop receiving emails from it, send an email to phonegap+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
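Added example, not part of the original thread: the difference between the quoted-concatenation pattern and "?" parameters, run against SQLite itself through Python's built-in sqlite3 module so it works offline. The `members` table, its columns and all sample values are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, lname TEXT, phone TEXT)")
    db.executemany("INSERT INTO members (lname, phone) VALUES (?, ?)",
                   [("Smith", "555-0100"), ("Jones", "555-0101"), ("O'Brien", "555-0102")])
    return db

def update_concat(db, lname, phone):
    # The "'+glname+'" pattern: values are spliced into the SQL text,
    # so a quote inside a value becomes part of the statement.
    sql = "UPDATE members SET phone = '" + phone + "' WHERE lname = '" + lname + "'"
    return db.execute(sql).rowcount

def update_param(db, lname, phone):
    # Parameterized form: the SQL text is constant and the values are bound
    # separately, so they are only ever treated as data.
    sql = "UPDATE members SET phone = ? WHERE lname = ?"
    return db.execute(sql, (phone, lname)).rowcount

def phones(db):
    return [row[0] for row in db.execute("SELECT phone FROM members ORDER BY id")]

def demo():
    out = {}
    # 1. Trusted data containing a quote makes the concatenated SQL invalid.
    try:
        update_concat(make_db(), "O'Brien", "555-0199")
        out["concat_quote"] = "ok"
    except sqlite3.OperationalError:
        out["concat_quote"] = "syntax error"
    # 2. The same value as a bound parameter updates exactly one row.
    out["param_quote_rows"] = update_param(make_db(), "O'Brien", "555-0199")
    # 3. A value that closes the quote rewrites the WHERE clause: every row changes.
    hostile = "x' OR '1'='1"  # constructed untrusted input
    out["concat_hostile_rows"] = update_concat(make_db(), hostile, "000")
    # 4. Bound as a parameter, it is just a name that matches nothing.
    out["param_hostile_rows"] = update_param(make_db(), hostile, "000")
    return out

if __name__ == "__main__":
    print(demo())
```
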