在SQLITE中INSERT WITH SELECT查询给我语法错误?

时间:2013-07-05 06:00:56

标签: android sql sqlite cordova

任何人都可以让我知道我在这里做错了什么.....

尝试在sqlite数据库管理器中运行查询时,我的查询和获取语法错误"near SELECT"以及在phonegap应用程序执行期间始终进入"errorfunction"

tx.executeSql("INSERT INTO proposal_products(proposal_id,date_created,date_modified,labour_hours,cost_price,sale_price,adj_cost_price,adj_sale_price,service_price,adj_service_price,discipline_products_id) VALUES("
                        + window.localStorage
                                .getItem("assign_proposal_id")
                        + ",'"
                        + getCurrentDateTime()
                        + "','"
                        + getCurrentDateTime()
                        + "',"
                        + selectedLabourHours
                        + ","+ callStd +","
                        + callStd +","
                        + callStd +","
                        + callStd +","
                        + callStd +","
                        + callStd +",(SELECT id FROM discipline_products WHERE discipline_products.product_id = (SELECT id FROM products WHERE c4w_code = "CALSTD")))",
                [],
                function() {
                    console
                            .log("suceessCBinsertIntoProposalProduct when Checkbox unchecked:");
                    window.localStorage.setItem("discipline_product_idCallStd","discipline_IdCallSTD");
                },
                function(err) {
                    console
                            .log("errorCBinsertIntoProposalProduct when Checkbox unchecked:"
                                    + err.message);


});

1 个答案:

答案 0 :(得分:0)

语法错误在这里:

   + callStd +"[...] WHERE c4w_code = "CALSTD")))",

你可能意味着:

   + callStd +"[...] WHERE c4w_code = 'CALSTD')))",

实际上,您已关闭字符串文字,然后获得CALSTD ...

但是,你真的不应该按照你现在的方式构建SQL。它很难阅读,容易出现转换错误(特别是日期/时间值)并且可以打开SQL injection attacks。使用参数化SQL,但这是在您的环境中完成的。如果您的环境不支持参数化SQL,我会非常惊讶。