Adnan Hussein February 2016

Apostrophe breaking insert query in SQLite in Titanium

I am writing an application in JavaScript using Appcelerator's Titanium development platform to deploy to the Android mobile platform. I am trying to perform an INSERT to an SQLite database.

The strings whenever they have a single quote or an apostrophe entered by a user breaks the insert query. What am I doing wrong?

  var db = Ti.Database.install('db/kewGarden.sqlite', 'kewGarden');
   var driveByData = {
    "notes" : $.row3.getValue() // User entered string
};

driveByData = JSON.stringify(driveByData);

dbLib.saveRecording(saveDriveByDetailsSuccess, saveDriveByDetailsError,  {
    ref_id : newdriveById,
    tableName : tableName,
    data : driveByData
});

saveRecording : function(onSuccessCallback, onErrorCallback, options) {
    var strReplaceData = options.data.replace("'", "\'"); 
    db.execute("INSERT INTO g_temp  (ref_id, table_name, data, site) VALUES (" + options.ref_id + ",'" + options.tableName + "','" + strReplaceData + "','" + options.site + "')");       
},

The docs for this database are here:

http://docs.appcelerator.com/platform/latest/#!/api/Titanium.Database.DB-method-execute

Answers


Vasim Vanzara February 2016

Use parameters, then you don't need to escape anything:

db.execute('INSERT INTO MyTable(ID, Name) VALUES(?, ?)', 123, name);

Your Query like this,

db.execute('INSERT INTO g_temp  (ref_id, table_name, data, site) VALUES (?,?,?,?)',options.ref_id,options.tableName,options.data,options.site);

Post Status

Asked in February 2016
Viewed 1,096 times
Voted 6
Answered 1 times

Search




Leave an answer