firefox - Insert into SQLite with variables using javascript -


I am developing an extension for Firefox and I have created a SQLite DB, I have an error message Receives: Error: Rejecting permission for call method is being rejected. String value is stored in a variable to insert

  var book = "Harry Potter"; Var include myInsertQuery = 'mybooks_tbl (title) values ​​(' + book + ');';  

How do we include data in the table as a variable and not in the form of a string?

Cheers

SQLite follows the ANSI standard for:

The string string is created by enclosing the string in single quotes (').

Such:

  function sqlstr (s) {return "encoded" by entering a single quotation in a single quote within a string '' '' string in one line .replace (+ 'sqlstr (book) +'); ';);'; ' / Code> 

You should remember to avoid all string literals in this way, or you can create client-side SQL-injection holes.


Comments

Popular posts from this blog

MySql variables and php -

url rewriting - How to implement the returnurl like SO in PHP? -

Which Python client library should I use for CouchdB? -