Sqlite 如何处理squlite数据库中的特殊字符
如何处理squlite数据库phone gap中的特殊字符。实际上,每当用户在数据库中输入特殊字符时,我的应用程序就会崩溃。如何处理。我希望用户能够输入特殊字符,但在插入时它会变为其他文本。并且在读取时将其重新转换为相同的特殊字符。这是可能的吗。这是我的密码Sqlite 如何处理squlite数据库中的特殊字符,sqlite,mysqli,cordova,Sqlite,Mysqli,Cordova,如何处理squlite数据库phone gap中的特殊字符。实际上,每当用户在数据库中输入特殊字符时,我的应用程序就会崩溃。如何处理。我希望用户能够输入特殊字符,但在插入时它会变为其他文本。并且在读取时将其重新转换为相同的特殊字符。这是可能的吗。这是我的密码 var db = ""; //will create database Dummy_DB or open it //function will be called when device ready function onDeviceRe
var db = "";
//will create database Dummy_DB or open it
//function will be called when device ready
function onDeviceReady() {
db = window.openDatabase("Casepad", "1.0", "Casepad", 200000);
//db.delete("DROP TABLE CaseTable", null, null);
if (window.localStorage.getItem("isAddSomeData") == "yes") {
db.transaction(getallTableData, errorCB);
}
}
function insertData() {
db.transaction(createTable, errorCB, afterSuccessTableCreation);
}
//create table and insert some record
function createTable(tx) {
tx.executeSql('CREATE TABLE IF NOT EXISTS CaseTable (id INTEGER PRIMARY KEY AUTOINCREMENT, CaseName VARCHAR(100) unique NOT NULL ,CaseDate INTEGER ,TextArea VARCHAR(200) NOT NULL)');
tx.executeSql('INSERT OR IGNORE INTO CaseTable(CaseName,CaseDate,TextArea) VALUES ("' + $('.caseName_h').val() + '", "' + $('.caseDate_h').val() + '","' + $('.caseTextArea_h').val() + '")');
}
//function will be called when an error occurred
function errorCB(err) {
navigator.notification.alert("Error processing SQL: " + err.code);
}
//function will be called when process succeed
function afterSuccessTableCreation() {
console.log("success!");
db.transaction(getallTableData, errorCB);
}
//select all from SoccerPlayer
function getallTableData(tx) {
// tx.executeSql("DROP TABLE IF EXISTS a");
tx.executeSql('SELECT * FROM CaseTable', [], querySuccess, errorCB);
}
function querySuccess(tx, result) {
var len = result.rows.length;
var countDoument=0
$('#folderData').empty();
for (var i = 0; i < len; i++) {
currentTableName=result.rows.item(i).CaseName;
countElements(currentTableName, function(i) {
return function(result_count) {
countDoument = result_count; // here it count value
$('#folderData').append(
'<li class="caseRowClick" id="' + result.rows.item(i).id + '" data-rel="popup" data-position-to="window">' + '<a href="#">' + '<img src="img/Blue-Folder.png">' + '<h2>' + result.rows.item(i).CaseName + '</h2>' + '<p>' + result.rows.item(i).TextArea + '</p>' + '<p>' + result.rows.item(i).CaseDate + '</p>' +'<span class="ui-li-count">' + countDoument + '</span>'+ '</a>' +
'<span class="ctrl togg"><fieldset data-role="controlgroup" data-type="horizontal" data-mini="true" ><button class="edit button_design">Edit</button><button class="del button_design">Delete</button></fieldset><span>' + '</li>'
);
$('#folderData').listview('refresh');
};
}(i));
}
}
只需使用参数,就无需进行转换:
tx.executeSql('INSERT INTO Tab(Name, Date) VALUES(?,?)',
[$('.caseName_h').val(),
$('.caseDate_h').val()]);
所以它将使用数据库中的特殊字符..?是的,并且决不能在SQL语句中合并用户键入的文本。这是SQL安全基础。