Hello!
I have created an offline HTML5 project management solution that uses the local browser database to store data.
It all goes well, but now I'm preparing the plugin for back-up (to SQL file) for my customers, and I ran into a problem, here it goes:
I tried to manually create the SQL statements, like this:
Code:
webdb.db.transaction(function(tx) {
tx.executeSql('SELECT * FROM projects', [], addProjects, webdb.onError);
});
function addProjects (tx, rs) {
var output = '';
for (var i=0; i < rs.rows.length; i++) {
output += 'INSERT INTO projects(ID, title) VALUES ('+rs.rows.item(i).ID+',\''+rs.rows.item(i).title+'\');';
}
}
It works well, but the problem is that I have tables that contain HTML data, JavaScript code, etc. So when I try to prepare those SQL statements, I have ALLOT of escaping to do. I tried a few different ways of escaping the characters, but none of them succeeded...
When the JS engine prepares the statements (when I insert data), it prepares them very well, I just don't know how to make use of that engine without actually executing the query:
Code:
tx.executeSql('INSERT INTO projects(ID, title) VALUES (?,?)', [id, title], webdb.onSuccess, webdb.onError);
Is there a way to use the built-in SQL statement preparing without executing the query? Or maybe if you have a 100% working JavaScript code that can escape everything right?
Thanks in advance
