sql插入没有错误,但表没有数据

发布于 2024-10-16 06:32:16 字数 1453 浏览 3 评论 0原文

我在钛手机中使用 sqlite。我在同一个数据库中的另一个表上运行更新没有问题,所以我的连接似乎没问题。但是,当我在表上运行插入时,我没有插入任何数据,也没有抛出任何错误/异常。所以我对正在发生的事情感到困惑。这是我的表结构,

CREATE TABLE events (
gCal_uid VARCHAR,
title VARCHAR,
content VARCHAR,
location VARCHAR,
startTime VARCHAR, 
endTime VARCHAR, 
published VARCHAR,
updated VARCHAR,
eventStatus VARCHAR
);

这是代码。你可以看到下面的插入语句。在变量的输出上,它们都有数据。也许我的语法是错误的?

var db = Ti.Database.open('content');
Titanium.API.info(" number or results returned = " + cal.feed.entry.length);
var i;
for (i=0; i < cal.feed.entry.length; i++){
    var e = cal.feed.entry[i];

    var calUid = e.gCal$uid.value;
    var title = e.title.$t;
    var content = e.content.$t;
    var location = e.gd$where.valueString;
    var startTime = e.gd$when[0].startTime;
    var endTime =  e.gd$when[0].endTime;
    var published = e.published.$t;
    var updated = e.updated.$t;
    var eventStatus = e.gd$eventStatus.value;

    Titanium.API.info(calUid + title + content + location + startTime + endTime + published + updated + eventStatus);

    var theData = db.execute('INSERT INTO events (gCal_uid, title, content, location, startTime, endTime, published, updated, eventStatus) VALUES("'+calUid+'","'+title+'", "'+content+'", "'+location+'", "'+startTime+'", "'+endTime+'", "'+published+'", "'+updated+'", "'+eventStatus+'")');
    theData;
    Ti.API.info("rows inserted" + i);
}
Ti.API.info("closed the db");
db.close();

i'm using sqlite in titanium mobile. i've had no problem running updates on another table, in the same db, so my connection seems to be ok. however, when i run inserts on a table, i'm not getting any data inserted and no error/exception is being thrown. so i'm confused on what is happening. here is my table structure

CREATE TABLE events (
gCal_uid VARCHAR,
title VARCHAR,
content VARCHAR,
location VARCHAR,
startTime VARCHAR, 
endTime VARCHAR, 
published VARCHAR,
updated VARCHAR,
eventStatus VARCHAR
);

here is the code. you can see the insert statement below. on the output of the variables, they all have data in them. possibly my syntax is wrong?

var db = Ti.Database.open('content');
Titanium.API.info(" number or results returned = " + cal.feed.entry.length);
var i;
for (i=0; i < cal.feed.entry.length; i++){
    var e = cal.feed.entry[i];

    var calUid = e.gCal$uid.value;
    var title = e.title.$t;
    var content = e.content.$t;
    var location = e.gd$where.valueString;
    var startTime = e.gd$when[0].startTime;
    var endTime =  e.gd$when[0].endTime;
    var published = e.published.$t;
    var updated = e.updated.$t;
    var eventStatus = e.gd$eventStatus.value;

    Titanium.API.info(calUid + title + content + location + startTime + endTime + published + updated + eventStatus);

    var theData = db.execute('INSERT INTO events (gCal_uid, title, content, location, startTime, endTime, published, updated, eventStatus) VALUES("'+calUid+'","'+title+'", "'+content+'", "'+location+'", "'+startTime+'", "'+endTime+'", "'+published+'", "'+updated+'", "'+eventStatus+'")');
    theData;
    Ti.API.info("rows inserted" + i);
}
Ti.API.info("closed the db");
db.close();

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

兲鉂ぱ嘚淚 2024-10-23 06:32:16

SQL 使用单引号。 Javascript 都使用其中之一。

您希望生成的 SQL 就像您编写的一样

INSERT info foo (a,b) values ('a value', 'b value')

最简单、更正确的等效项是:

var theData = db.execute("INSERT INTO events (gCal_uid, title, content, location, startTime, endTime, published, updated, eventStatus) VALUES('"+calUid+"','"+title+"','"+content+"','"+location+"','"+startTime+"','"+endTime+"','"+published+"','"+updated+"','"+eventStatus+"')");

但您确实希望使用参数替换来避免注入问题和引用错误,例如

var theData = db.execute("INSERT INTO events (gCal_uid, title, content, location, startTime, endTime, published, updated, eventStatus) values (?,?,?,?,?,?,?,?,?)", calUid, title, content, location, startTime, endTime, published, updated, eventStatus);

SQL uses single quotes. Javascript uses either.

You want the resulting SQL to be as if you'd written

INSERT info foo (a,b) values ('a value', 'b value')

The simplest more-correct equivalent would be:

var theData = db.execute("INSERT INTO events (gCal_uid, title, content, location, startTime, endTime, published, updated, eventStatus) VALUES('"+calUid+"','"+title+"','"+content+"','"+location+"','"+startTime+"','"+endTime+"','"+published+"','"+updated+"','"+eventStatus+"')");

But you really want to use parameter substitution to avoid injection issues and quoting errors, e.g.

var theData = db.execute("INSERT INTO events (gCal_uid, title, content, location, startTime, endTime, published, updated, eventStatus) values (?,?,?,?,?,?,?,?,?)", calUid, title, content, location, startTime, endTime, published, updated, eventStatus);
月竹挽风 2024-10-23 06:32:16

SQL 字符串文字要用单引号引起来,而不是用双引号引起来。

INSERT INTO foo (a) VALUES("a");

不是正确的说法。

INSERT INTO foo (a) VALUES('a');

是正确的SQL语句。

此外,您必须确保您插入的内容被正确转义(但您没有)。因此,在将变量与 SQL 语句的其余部分连接之前,必须将变量中的每个单引号加倍。

SQL string literals are to be surrounded by single quotes, not double quotes.

INSERT INTO foo (a) VALUES("a");

is not a correct statement.

INSERT INTO foo (a) VALUES('a');

is a correct SQL statement.

Moreover you MUST ensure that what you insert is properly escaped (which you do not). You must therefore double every single single quote inside your variable before concatenating it with the rest of the SQL statement.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文