I am writing a Webkit app that imports data from an RSS feed and stores it in a Javascript Database. Since the data is coming from an external source I want to make sure the strings have been made safe before inserting it into the database. For example in PHP I would use "mysql_real_escape_string" function which escapes quotes and other characters.
Ideally I want to keep away from native functions so that this app can be deployed across multiple phone platforms (iPhone,Blackberry,Android) using WebKit.
Link to equivalent PHP function: http://php.net/manual/en/function.mysql-real-escape-string.php
Link to javascript database documentation: https://developer.apple.com/library/archive/documentation/iPhone/Conceptual/SafariJSDatabaseGuide/UsingtheJavascriptDatabase/UsingtheJavascriptDatabase.html
Example code:
Currently it is:
mydb.transaction(
function(transaction) {
transaction.executeSql("INSERT INTO rss (url,title) VALUES (?,?);",["www.some-rss-feed.com","a title containing a' quote"], successFunction, errorFunction);
}
);
Ideally it should be something like the following where "a_safe_function" is the name of the function that makes the string safe for the database.
mydb.transaction(
function(transaction) {
transaction.executeSql("INSERT INTO rss (url,title) VALUES (?,?);",[a_safe_function("www.some-rss-feed.com"),a_safe_function("a title containing a' quote")], successFunction, errorFunction);
}
);
Libraries I'm using:
- iPhoneGap
- JQueryMobile
- JQuery
