Building a SQLite statement in JS and I'm not getting the full command I want-Collection of common programming errors

If by JS you mean JavaScript, then this is not what’s happening. Here’s the jsfiddle:

• http://jsfiddle.net/Ka938/

Try it and you will see it’s not a JS problem. The escaping is probably happening later in the process, when this gets to the server or something. Don’t know the exact details to help there.

As a guess, if you are using PHP and (s)printf, then sending %f (where f is coming from foo example you used) is going to mean it expects a float – it would display an error, though.

As a side note, it seems that you are sending SQL from the client to the server. If so, it’s probably a very bad idea to do this, especially if you are not doing any SQL escaping, as you are not per above. Take a look here:

• http://en.wikipedia.org/wiki/SQL_injection

for basic details.

I’m not familiar with webOS, but check this SOq for something that looks to be handling SQL parameters correctly:

Definitively worth doing some more investigation about how to do this properly in webOS – Google is your friend.

Originally posted 2013-11-09 22:39:13.