问题描述:

I am inserting the text field value in data base .Actually my application crash when user use (,"",'')comma single code ,double code.I think we cannot add these character in data base?

can you please tell me how to remove this character .I should only allow thise charater which don't crash the insert query. I am using sqlite in phonegap.

I found this but this is not good solution because some character allowed in data base

$(document).on("keyup", ".caseName_h", function () {

if (/[^\w]/g.test($(this).val())) {

$(this).val($(this).val().replace(/[^\w]/g, ""));

PG_alert('Special characters not allowed!');

}

});

function insertData() {

db.transaction(createTable, errorCB, afterSuccessTableCreation);

}

//create table and insert some record

function createTable(tx) {

tx.executeSql('CREATE TABLE IF NOT EXISTS CaseTable (id INTEGER PRIMARY KEY AUTOINCREMENT, CaseName VARCHAR(100) unique NOT NULL ,CaseDate INTEGER ,TextArea VARCHAR(200) NOT NULL)');

tx.executeSql('INSERT OR IGNORE INTO CaseTable(CaseName,CaseDate,TextArea) VALUES ("' + $('.caseName_h').val() + '", "' + $('.caseDate_h').val() + '","' + $('.caseTextArea_h').val() + '")');

}

//function will be called when an error occurred

function errorCB(err) {

navigator.notification.alert("Error processing SQL: " + err.code);

}

//function will be called when process succeed

function afterSuccessTableCreation() {

console.log("success!");

db.transaction(getallTableData, errorCB);

}

//select all from SoccerPlayer

function getallTableData(tx) {

// tx.executeSql("DROP TABLE IF EXISTS a");

tx.executeSql('SELECT * FROM CaseTable', [], querySuccess, errorCB);

}

/*function querySuccess(){

for (var i = 0; i < len; i++) {

alert(result.rows.item(0).CaseName)

db.transaction(function (tx) {

tx.executeSql('SELECT * FROM "'+result.rows.item(0).CaseName+'"', [],

// tx.executeSql('SELECT EXISTS(SELECT * FROM b)', [],

function(tx, results) {

t=results.rows.length;

alert(t)

});

});

}

}*/

function querySuccess(tx, result) {

var len = result.rows.length;

var countDoument = 0

$('#folderData').empty();

for (var i = 0; i < len; i++) {

currentTableName = result.rows.item(i).CaseName;

countElements(currentTableName, function (i) {

return function (result_count) {

countDoument = result_count; // here it count value

$('#folderData').append(

'<li class="caseRowClick" id="' + result.rows.item(i).id + '" data-rel="popup" data-position-to="window">' + '<a href="#">' + '<img src="img/Blue-Folder.png">' + '<h2>' + result.rows.item(i).CaseName + '</h2>' + '<p>' + result.rows.item(i).TextArea + '</p>' + '<p>' + result.rows.item(i).CaseDate + '</p>' + '<span class="ui-li-count">' + countDoument + '</span>' + '</a>' +

'<span class="ctrl togg"><fieldset data-role="controlgroup" data-type="horizontal" data-mini="true" ><button class="edit button_design">Edit</button><button class="del button_design">Delete</button></fieldset><span>' + '</li>');

$('#folderData').listview('refresh');

};

}(i));

}

}

tx.executeSql('INSERT OR IGNORE INTO CaseTable(CaseName,CaseDate,TextArea) VALUES ("' + $('.caseName_h').val() + '", "' + $('.caseDate_h').val() + '","' + $('.caseTextArea_h').val() + '")');

网友答案:

Use this it will help you..

 tx.executeSql('INSERT INTO Tab(Name, Date) VALUES(?,?)',
              [$('.caseName_h').val(),
               $('.caseDate_h').val()]);
网友答案:

You surely can insert these characters in a database, but you need to escape them.

The best way is to use PDO's prepared queries, where you can define elements inside the query by indicators like "?" or :value, then put the contents in the PDO->execute($args) method.

Not allowing special characters in such case is not user friendly, as either them or you may need to insert such characters.

I recommand you to first check how you send the informations to the database. Can you show us how you make your requests to the db ?

网友答案:

You should try something like encodeURIComponent("The special characters."),

This helps you to allow all special characters.

相关阅读:
Top