Sqlite 如何处理SQLite数据库中的特殊字符


如何在PhoneGap中处理SQLite数据库里的特殊字符?实际上,每当用户在数据库中输入特殊字符时,我的应用程序就会崩溃。该如何处理?我希望用户能够输入特殊字符,在插入时将其转换为其他文本,并在读取时再还原为原来的特殊字符。这可能吗?这是我的代码

// Shared database handle. It starts out as an empty string and is replaced
// with the real handle when onDeviceReady() opens the "Casepad" database.
var db = '';

/**
 * Called once the device is ready: opens (or creates) the "Casepad" database
 * and stores the handle in the shared `db` variable.
 *
 * If localStorage holds "isAddSomeData" = "yes", the stored rows are loaded
 * right away; presumably that flag is set elsewhere after the first insert.
 */
function onDeviceReady() {
    db = window.openDatabase("Casepad", "1.0", "Casepad", 200000);

    var hasStoredData = window.localStorage.getItem("isAddSomeData") === "yes";
    if (!hasStoredData) {
        return;
    }

    db.transaction(getallTableData, errorCB);
}

/**
 * Runs createTable inside a database transaction. errorCB is passed as the
 * failure callback and afterSuccessTableCreation as the success callback.
 */
function insertData() {
    db.transaction(
        createTable,
        errorCB,
        afterSuccessTableCreation
    );
}

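/**
 * Transaction callback: creates CaseTable if it does not exist yet and inserts
 * one row taken from the case form fields.
 *
 * The form values are passed as bound parameters (the `?` placeholders), never
 * concatenated into the SQL text. The database then treats them purely as
 * data, so quotes and other special characters are stored unchanged and can
 * neither break the statement nor alter it (SQL injection).
 *
 * CaseName is declared unique, so INSERT OR IGNORE silently skips a row whose
 * name already exists.
 *
 * @param {SQLTransaction} tx - transaction supplied by db.transaction().
 */
function createTable(tx) {
    tx.executeSql('CREATE TABLE IF NOT EXISTS CaseTable (id INTEGER PRIMARY KEY AUTOINCREMENT, CaseName  VARCHAR(100) unique NOT NULL ,CaseDate INTEGER ,TextArea VARCHAR(200) NOT NULL)');

    // Placeholders are bound in order: CaseName, CaseDate, TextArea.
    var caseValues = [
        $('.caseName_h').val(),
        $('.caseDate_h').val(),
        $('.caseTextArea_h').val()
    ];
    tx.executeSql(
        'INSERT OR IGNORE INTO CaseTable(CaseName,CaseDate,TextArea) VALUES (?, ?, ?)',
        caseValues
    );
}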
/**
 * Error callback for transactions and statements: shows the numeric error
 * code in a native alert dialog.
 *
 * @param {SQLError} err - error object; only err.code is read.
 */
function errorCB(err) {
    var message = "Error processing SQL: " + err.code;
    navigator.notification.alert(message);
}

/**
 * Success callback of the insert transaction: logs the success and then
 * re-reads every row so the list shows the new entry.
 */
function afterSuccessTableCreation() {
    console.log("success!");

    // Reload in a fresh transaction; errorCB reports any failure.
    db.transaction(
        getallTableData,
        errorCB
    );
}



/**
 * Transaction callback: selects every row of CaseTable. querySuccess receives
 * the result set and errorCB any statement error.
 *
 * @param {SQLTransaction} tx - transaction supplied by db.transaction().
 */
function getallTableData(tx) {
    // The statement is a constant with no placeholders, hence the empty list.
    var noParams = [];
    tx.executeSql('SELECT * FROM CaseTable', noParams, querySuccess, errorCB);
}



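/**
 * Success callback for the "SELECT * FROM CaseTable" query: empties the
 * #folderData list and appends one <li> per returned row.
 *
 * CaseName, TextArea and CaseDate are text the user typed in, so every value
 * is HTML-escaped before it is concatenated into markup. Without escaping, a
 * stored value containing markup would be parsed as HTML by the WebView
 * (stored XSS) and a stray quote or angle bracket would corrupt the list.
 *
 * countElements is not defined in this excerpt; it is assumed to call the
 * given callback with the document count for the case name it receives.
 *
 * @param {SQLTransaction} tx - transaction the query ran in (unused).
 * @param {SQLResultSet} result - result set; rows are read via rows.item(i).
 */
function querySuccess(tx, result) {
    // Encodes the characters that could otherwise end a text node or a
    // double-quoted attribute value.
    function escapeHtml(value) {
        return String(value)
            .replace(/&/g, '&amp;')
            .replace(/</g, '&lt;')
            .replace(/>/g, '&gt;')
            .replace(/"/g, '&quot;')
            .replace(/'/g, '&#39;');
    }

    // Requests the document count for one row and appends its list item once
    // the count arrives. Calling a function per row gives each callback its
    // own `row`, which replaces the original IIFE around the loop index.
    function appendRow(row) {
        countElements(row.CaseName, function (documentCount) {
            $('#folderData').append(
                '<li class="caseRowClick" id="' + escapeHtml(row.id) + '" data-rel="popup" data-position-to="window">' +
                '<a href="#">' +
                '<img src="img/Blue-Folder.png">' +
                '<h2>' + escapeHtml(row.CaseName) + '</h2>' +
                '<p>' + escapeHtml(row.TextArea) + '</p>' +
                '<p>' + escapeHtml(row.CaseDate) + '</p>' +
                '<span class="ui-li-count">' + escapeHtml(documentCount) + '</span>' +
                '</a>' +
                // The original ended this span with a second "<span>" instead
                // of the closing tag.
                '<span class="ctrl togg"><fieldset data-role="controlgroup" data-type="horizontal" data-mini="true" ><button class="edit button_design">Edit</button><button class="del button_design">Delete</button></fieldset></span>' +
                '</li>'
            );
            $('#folderData').listview('refresh');
        });
    }

    $('#folderData').empty();

    // `i` and the row are locals; the original leaked the case name into an
    // undeclared global (currentTableName).
    var rowCount = result.rows.length;
    for (var i = 0; i < rowCount; i++) {
        appendRow(result.rows.item(i));
    }
}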

只需使用参数(即 ? 占位符),就无需进行任何转换:参数值作为数据绑定到语句上,不会被当作SQL语法解析。

// Each ? placeholder is bound, in order, to the matching entry of the array
// argument, so the form values never become part of the SQL text.
tx.executeSql('INSERT INTO Tab(Name, Date) VALUES(?,?)',
              [$('.caseName_h').val(),
               $('.caseDate_h').val()]);

所以这样就可以在数据库中使用特殊字符了..?是的,而且绝不能把用户键入的文本直接拼接进SQL语句。这是SQL安全的基础。