Search code examples
javascriptsqlsqliteappcelerator-mobile

no error on sql insert, yet table has no data

i'm using sqlite in titanium mobile. i've had no problem running updates on another table, in the same db, so my connection seems to be ok. however, when i run inserts on a table, i'm not getting any data inserted and no error/exception is being thrown. so i'm confused on what is happening. here is my table structure

CREATE TABLE events (
gCal_uid VARCHAR,
title VARCHAR,
content VARCHAR,
location VARCHAR,
startTime VARCHAR, 
endTime VARCHAR, 
published VARCHAR,
updated VARCHAR,
eventStatus VARCHAR
);

here is the code. you can see the insert statement below. on the output of the variables, they all have data in them. possibly my syntax is wrong?

var db = Ti.Database.open('content');
Titanium.API.info(" number or results returned = " + cal.feed.entry.length);
var i;
for (i=0; i < cal.feed.entry.length; i++){
    var e = cal.feed.entry[i];

    var calUid = e.gCal$uid.value;
    var title = e.title.$t;
    var content = e.content.$t;
    var location = e.gd$where.valueString;
    var startTime = e.gd$when[0].startTime;
    var endTime =  e.gd$when[0].endTime;
    var published = e.published.$t;
    var updated = e.updated.$t;
    var eventStatus = e.gd$eventStatus.value;

    Titanium.API.info(calUid + title + content + location + startTime + endTime + published + updated + eventStatus);

    var theData = db.execute('INSERT INTO events (gCal_uid, title, content, location, startTime, endTime, published, updated, eventStatus) VALUES("'+calUid+'","'+title+'", "'+content+'", "'+location+'", "'+startTime+'", "'+endTime+'", "'+published+'", "'+updated+'", "'+eventStatus+'")');
    theData;
    Ti.API.info("rows inserted" + i);
}
Ti.API.info("closed the db");
db.close();
Solution

  • SQL uses single quotes. Javascript uses either.

    You want the resulting SQL to be as if you'd written

    INSERT info foo (a,b) values ('a value', 'b value')

    The simplest more-correct equivalent would be:

    var theData = db.execute("INSERT INTO events (gCal_uid, title, content, location, startTime, endTime, published, updated, eventStatus) VALUES('"+calUid+"','"+title+"','"+content+"','"+location+"','"+startTime+"','"+endTime+"','"+published+"','"+updated+"','"+eventStatus+"')");

    But you really want to use parameter substitution to avoid injection issues and quoting errors, e.g.

    var theData = db.execute("INSERT INTO events (gCal_uid, title, content, location, startTime, endTime, published, updated, eventStatus) values (?,?,?,?,?,?,?,?,?)", calUid, title, content, location, startTime, endTime, published, updated, eventStatus);