我遇到了 SQL 处理错误:"sql: undefined"。我想检查登录表单中的输入是否与名为 student 的数据库中的记录匹配;如果匹配,则弹出一个带有欢迎消息的提示框并跳转到下一页。我该如何修复代码?
// Shared database handle; it stays undefined until onDeviceReady assigns it.
var db;

// Run onDeviceReady when the "deviceready" event fires on the document.
document.addEventListener("deviceready", onDeviceReady, false);
/**
 * "deviceready" handler: opens the database and stores the handle in the
 * shared `db` variable, then runs createDB inside a transaction.
 */
function onDeviceReady() {
  // Fourth argument of openDatabase: 2 * 1024 * 1024 (2 MiB).
  var estimatedSize = 2 * 1024 * 1024;
  db = window.openDatabase("Database", "1.0", "Student", estimatedSize);
  db.transaction(createDB, errorCB, successCB);
}
/**
 * Login handler: starts the credential lookup and switches to #page5.
 *
 * @returns {boolean} Always false.
 */
function loginForm() {
  db.transaction(checkDB, errorCB);
  // NOTE: the page change is unconditional. It does not look at the lookup
  // result, so #page5 is shown whether or not a matching row exists.
  var slideForward = { reverse: false, transition: "slide" };
  $.mobile.changePage("#page5", slideForward);
  return false;
}
/**
 * Transaction callback: looks up a STUDENT row for the matric/password
 * values typed into the form.
 *
 * @param {object} tx - Transaction object passed in by db.transaction.
 */
function checkDB(tx) {
  var matricInput = $("[name='matric']").val();
  var passwordInput = $("[name='password']").val();
  // NOTE: the form values are concatenated into the statement text, unquoted
  // and unescaped, so they are parsed as SQL. A non-numeric value breaks the
  // statement, and user input can change what the query means. Binding the
  // values through the second argument of executeSql avoids both problems.
  var statement = 'select * from STUDENT where matric=' + matricInput +
    ' and password=' + passwordInput;
  tx.executeSql(statement, [], successLoginDB, errorCB);
}
/**
 * Query success callback: greets the user when exactly one row matched.
 *
 * @param {object} tx - Transaction object (unused here).
 * @param {object} results - Result set; only results.rows.length is read.
 */
function successLoginDB(tx, results) {
  var matchCount = results.rows.length;
  // The greeting uses the "name" form field, not a column of the matched row.
  var greetingName = $("[name='name']").val();
  if (matchCount != 1) {
    return;
  }
  alert("Welcome " + greetingName);
}
答案 0 :(得分:0)
首先,您的代码容易受到 SQL 注入(SQL Injection)攻击,请改用参数绑定(把值放进 executeSql 的参数数组)来修复:
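/**
 * Login handler: starts the credential lookup. The switch to the next page
 * is done in successLoginDB, and only when the lookup matched.
 *
 * @returns {boolean} Always false.
 */
function loginForm() {
  db.transaction(checkDB, errorCB);
  return false;
}

/**
 * Transaction callback: looks up a STUDENT row for the matric/password
 * values typed into the form.
 *
 * @param {object} tx - Transaction object passed in by db.transaction.
 */
function checkDB(tx) {
  var matric = $("[name='matric']").val();
  var password = $("[name='password']").val();
  // The values are bound through the argument array, never concatenated into
  // the statement text, so user input cannot change the structure of the query.
  var sql = 'select * from STUDENT where matric = ? and password = ?';
  // NOTE(review): the typed password is compared directly with the stored
  // column, which suggests passwords are kept as plaintext in the on-device
  // database; confirm how STUDENT.password is populated. A check done
  // entirely on the client is a UI gate, not a security boundary.
  tx.executeSql(sql, [matric, password], successLoginDB, errorCB);
}

/**
 * Query success callback: when exactly one row matched, greets the user and
 * moves to #page5. Any other row count leaves the user on the login page.
 *
 * @param {object} tx - Transaction object (unused here).
 * @param {object} results - Result set; only results.rows.length is read.
 */
function successLoginDB(tx, results) {
  if (results.rows.length !== 1) {
    return;
  }
  var name = $("[name='name']").val();
  alert("Welcome " + name);
  // Navigate only after a successful match. Doing this in loginForm would
  // show the next page regardless of the lookup result.
  $.mobile.changePage("#page5", { reverse: false, transition: "slide" });
}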
关于这个错误:我确定你是在 Cordova 加载完成之前就尝试使用 WebSQL。你需要同时等待 "DOM Ready"(用于读取文本输入)和 "deviceready"(用于访问 WebSQL):
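/**
 * "deviceready" handler: code that opens or queries the database starts here.
 */
function onDeviceReady() {
  // Start here.
}

// Register only after the handler exists. With `var onDeviceReady = function ...`
// placed after this call, the name is still undefined at this point and no
// listener is registered.
document.addEventListener("deviceready", onDeviceReady, false);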
请发布更多信息。