0

I see the statement in executeSql like below: 

addTodo: function (text) {
 app.db.transaction(function (tx) {
 var ts = new Date();
 tx.executeSql("INSERT INTO todo(todo, added_on) VALUES (?,?)", [text, ts], app.onSuccess, app.onError);
 });
 },

My question is: what does the " VALUES (?,?) " mean?

asked Oct 5, 2014 at 9:43

2 Answers 2

1

That's a prepared statement, which you should use to prevent SQL Injection attacks. E.g.

var text = "foo";
var ts = "bar";
tx.executeSql("INSERT INTO todo(todo, added_on) VALUES (?,?)", [text, ts]);

is the same as:

tx.executeSql("INSERT INTO todo(todo, added_on) VALUES ('foo','bar')");
answered Oct 5, 2014 at 9:47
Sign up to request clarification or add additional context in comments.

Comments

1

Those are parameters that will be properly prepared and substituted by the array argument following the SQL statement.

So

tx.executeSql("INSERT INTO todo(todo, added_on) VALUES (?,?)", ['do this', '10/05/2014']);

will result in 

INSERT INTO todo(todo, added_on) VALUES ('do this', '10/05/2014')
answered Oct 5, 2014 at 9:45

Comments

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.