Titanium Community Questions & Answer Archive

We felt that 6+ years of knowledge should not die, so this is the Titanium Community Questions & Answer Archive

How should I escape parameters when using SQLite?

What's the best practice to escape parameters when using Titanium.Database.DB.execute ?

— asked August 3rd 2010 by Ryan Mosfear
  • database
  • db
  • escape
  • sqlite
1 Comment
  • I would like to know this as well!

    — commented October 11th 2010 by Jeroen Kntl

2 Answers

  • This may be what you're looking for, no?

    http://developer.appcelerator.com/apidoc/desktop/latest/Titanium.Database.DB.execute-method.html

    — answered January 19th 2011 by Taylor Romero
    1 Comment
    • This is what you want, guys. Notice in the source code example how the question marks are replaced with the other params? This is better than escaping.

      // Each ? is bound to the matching argument by SQLite; the values are
      // never spliced into the SQL text, so quotes in them cannot alter it.
      DB.db.execute(
              "INSERT INTO images (title, description) VALUES (?, ?)",
              'test', 'a nice description'
      );


      — commented January 19th 2011 by Bart Lewis
  • I'd like to rephrase the above question in "Is there any practice with regards to escaping parameters when using Ti.Database.DB.execute?".

    Right now I am parsing a feed server side with PHP's sql_escape_string and use the outcome of that, far from ideal.

    — answered October 11th 2010 by Jeroen Kntl
    0 Comments
The ownership of individual contributions to this community generated content is retained by the authors of their contributions.
All trademarks remain the property of the respective owner.