tags:

views:

504

answers:

1
Q: 

Insert into SQLite with variables using javascript

Hi,

I am developing an extension for firefox and i have created a SQLite DB. When inserting values into the table i get an error message: Error: Permission denied for http://en.wikipedia.org to call method UnnamedClass.toString on <>. The string values to be inserted are stored in a variable.

var book = "Harry Potter";
var myInsertQuery = 'INSERT INTO mybooks_tbl(title) VALUES('+ book + ');';

how do we insert data into the table as variables and not as strings?

cheers

+1  A: 

SQLite follows the ANSI standard for string literals:

A string constant is formed by enclosing the string in single quotes ('). A single quote within the string can be encoded by putting two single quotes in a row

so:

function sqlstr(s) {
    return "'"+s.replace(/'/g, "''")+"'";
}

var query= 'INSERT INTO books(title) VALUES('+sqlstr(book)+');';

You must remember to escape all string literals like this, or you will have made a client-side SQL-injection hole.

bobince  2009-10-18 11:53:55
Really, you shouldn't do the escaping yourself, however. You should use the binding functions that are available and let the engine handle it for you: https://developer.mozilla.org/En/Storage#Binding_Parameters
sdwilsh  2009-10-18 17:19:47
Thanks and i found a way around it by binding the parameter.
fftoolbar  2009-10-19 01:35:05

related questions

SQLite3::BusyException
How do I dump the data of some SQLite3 tables?
Database functionality with WPF app: SQLite, SQL CE, other?
SQLite UDF - VBA Callback
JavaScript sqlite
SQLite/PHP read-only?
Is there a MySQLAdmin or SQL Server Management Studio equivalent for SQLite databases on Windows?
What are the advantages of VistaDB
How Scalable is SQLite?
Programmatically access browser history
SQL Pagination
Metalanaguage to describe the Model from MVC to generate identical client and server side code
Java and SQLite
Is there a good IDE for SQLite ?
Does Visual Studio Server Explorer support custom database providers?
Objective-C: Passing around sets of data
What is the best way to connect and use a sqlite database from C#
Quick easy way to migrate SQLite3 to MySQL?
Why does sqlite3-ruby-1.2.2 not work on OS X?
T-Sql date format for seconds since last epoch / formatting for sqlite input
What's the best way of converting a mysql database to a sqlite one?
SQLite vs MySQL
Using SQLite with Visual Studio 2008 and Silverlight
Adobe Air - Using multiple SQLite databases at once
SQLite and XSD