Sql statement JavaScript
Sql statement JavaScript
我在executeSql中看到的语句如下:
addTodo: function (text) {
app.db.transaction(function (tx) {
var ts = new Date();
tx.executeSql("INSERT INTO todo(todo, added_on) VALUES (?,?)", [text, ts], app.onSuccess, app.onError);
});
},
我的问题是:"价值观(?,?)"是什么意思?
这是一个准备好的语句,您应该使用它来防止SQL注入攻击。例如
var text = "foo";
var ts = "bar";
tx.executeSql("INSERT INTO todo(todo, added_on) VALUES (?,?)", [text, ts]);
与相同
tx.executeSql("INSERT INTO todo(todo, added_on) VALUES ('foo','bar')");
这些参数将被正确准备,并由SQL语句后面的数组参数替换。
所以
tx.executeSql("INSERT INTO todo(todo, added_on) VALUES (?,?)", ['do this', '10/05/2014']);
将导致
INSERT INTO todo(todo, added_on) VALUES ('do this', '10/05/2014')
相关文章:
- javascript "or" statement
- Javascript if statement if (ball.style.left === '0px'
- If-Statement中的Javascript元素验证
- Javascript document.cookie if statement
- Javascript Logic In a loop/if statement
- Javascript if statement Google Tools
- Javascript IF statement
- Javascript if-statement vs. comparsion
- Javascript condense if statement
- javascript 'or' statement
- Javascript optimizing if statement
- Javascript and CSS if statement
- PDO Prepared Statement允许执行javascript
- javascript for to while statement
- Sql statement JavaScript
- 选择Statement以循环使用另一个javascript
- javascript msgbox if statement
- Javascript !instanceof If Statement
- JavaScript中“if statement”的前半部分只触发一次
- Javascript statement with || {};