开发者

no error on sql insert, yet table has no data

问答 作者:

i'm using sqlite in titanium mobile. i've had no problem running updates on another table, in the same db, so my connection seems to be ok. however, when i run inserts on a table, i'm not getting any data inserted and no error/exception is being thrown. so i'm confused on what is happening. here is my table structure

CREATE TABLE events (
gCal_uid VARCHAR,
title VARCHAR,
content VARCHAR,
location VARCHAR,
startTime VARCHAR, 
endTime VARCHAR, 
published VARCHAR,
updated VARCHAR,
eventStatus VARCHAR
);

here is the code. you can see the insert statement below. on the output of the variables, they all have data in them. possibly my syntax is wrong?

var db = Ti.Database.open('content');
Titanium.API.info(" number or results returned = " + cal.feed.entry.length);
var i;
for (i=0; i < cal.feed.entry.length; i++){
    var e = cal.feed.entry[i];

    var calUid = e.gCal$uid.value;
    var title = e.title.$t;
    var content = e.content.$t;
    var lo开发者_高级运维cation = e.gd$where.valueString;
    var startTime = e.gd$when[0].startTime;
    var endTime =  e.gd$when[0].endTime;
    var published = e.published.$t;
    var updated = e.updated.$t;
    var eventStatus = e.gd$eventStatus.value;

    Titanium.API.info(calUid + title + content + location + startTime + endTime + published + updated + eventStatus);

    var theData = db.execute('INSERT INTO events (gCal_uid, title, content, location, startTime, endTime, published, updated, eventStatus) VALUES("'+calUid+'","'+title+'", "'+content+'", "'+location+'", "'+startTime+'", "'+endTime+'", "'+published+'", "'+updated+'", "'+eventStatus+'")');
    theData;
    Ti.API.info("rows inserted" + i);
}
Ti.API.info("closed the db");
db.close();

SQL uses single quotes. Javascript uses either.

You want the resulting SQL to be as if you'd written

INSERT info foo (a,b) values ('a value', 'b value')

The simplest more-correct equivalent would be:

var theData = db.execute("INSERT INTO events (gCal_uid, title, content, location, startTime, endTime, published, updated, eventStatus) VALUES('"+calUid+"','"+title+"','"+content+"','"+location+"','"+startTime+"','"+endTime+"','"+published+"','"+updated+"','"+eventStatus+"')");

But you really want to use parameter substitution to avoid injection issues and quoting errors, e.g.

var theData = db.execute("INSERT INTO events (gCal_uid, title, content, location, startTime, endTime, published, updated, eventStatus) values (?,?,?,?,?,?,?,?,?)", calUid, title, content, location, startTime, endTime, published, updated, eventStatus);

SQL string literals are to be surrounded by single quotes, not double quotes.

INSERT INTO foo (a) VALUES("a");

is not a correct statement.

INSERT INTO foo (a) VALUES('a');

is a correct SQL statement.

Moreover you MUST ensure that what you insert is properly escaped (which you do not). You must therefore double every single single quote inside your variable before concatenating it with the rest of the SQL statement.

继续阅读:appcelerator-mobilejavascriptsql

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9