插入SQL上的双引号和单引号
[英]Double and Single quotes on Insert SQL
问题描述
I'm trying to insert dynamic elements to a table using Javascript and SQLite, I have a problem when one of the values has a single quote AND a double quote, for example -- 7' inches" vinyl -- I KNOW THAT EXAMPLE MAKES NO SENSE, but the users of this app insert all kind of crap in the forms. 
我正在尝试使用Javascript和SQLite将动态元素插入表中,当其中一个值具有单引号和双引号时出现问题,例如-7'英寸的乙烯基-我知道该示例没有意义,但此应用程序的用户在表格中插入了各种废话。
My query would be messed up with the "' everywhere, my question is: is there a function or something that could make me use the real string that I need without breaking everything? 我的查询到处都会弄乱“',我的问题是:是否存在某个函数或某些东西可以使我使用所需的真实字符串而不破坏所有内容?
This is the code: 这是代码:
$.each(data, function(i, item) {
tx.executeSql("INSERT INTO articulo (codart) VALUES (" + validate(item.CODART) + ")");
});
function validate(item){
if(item == null){
return null;
}else{
return "'" + item + "'";
}
}
2 个解决方案
解决方案1
2 2014-06-24 20:41:59
您可以通过将单引号加倍来转义单引号,但仅使用参数会更容易:
tx.executeSql("INSERT INTO articulo (codart) VALUES (?)", [validate(item.CODART)]);
解决方案2
1 2014-06-24 21:25:35
The double quotes should not create a problem. 双引号应该不会造成问题。 Try replacing the single quotes by two single quotes. 尝试用两个单引号替换单引号。
Change the function to: 将该功能更改为:
function validate(item){
if(item == null){
return null;
}else{
return "'" + item.replace("'", "''") + "'";
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.