Status: New
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 993 by nickretallack: Parameter substitution is not working in some situations
http://code.google.com/p/gears/issues/detail?id=993
What steps will reproduce the problem?
1. Save the following snippet as an HTML file, alongside gears_init.js
<script type="text/javascript" src="gears_init.js"></script>
<script type="text/javascript">
var db = google.gears.factory.create('beta.database');
db.open('some-never-used-database-name')
db.execute('create table a (b text)')
</script>
2. Open it in Safari with Gears installed
3. Develop -> Start Debugging Javascript, and type this in the console:
db.execute('insert into a (b) values (?)', ['testing'])
What is the expected output? What do you see instead?
I expected it to work. It works if you write it into the script. However, if you type it at the console, it says "Error: Wrong number of SQL parameters." It causes similar errors when I try to run it with jsUnit. This is making testing quite difficult.
What version of the product are you using? On what operating system?
0.5.33.0;official;opt;osx;safari
Safari Version 4.0.4 (5531.21.10)
Mac OSX Version 10.5.8
Please provide any additional information below.
This is an issue with substituting for the question marks.
If you instead say this at the console, it works:
db.execute('insert into a (b) values ("testing")')
This is a shame, because this workaround encourages SQL injection.
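The injection concern raised at the end of the report, shown as an added example that is not part of the original issue or of the Gears code: the same `a (b text)` table receives a value once pasted into the SQL text (the workaround's shape) and once bound to `?`. Python's `sqlite3` module stands in for the Gears database here because both sit on SQLite; the helper names and sample values are constructed.

```python
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("create table a (b text)")  # same table as in the report
    return db

def insert_inlined(db, value):
    # Workaround shape: the value becomes part of the SQL text itself.
    # (Single quotes are used here; they are the standard SQL string delimiter.)
    db.execute("insert into a (b) values ('%s')" % value)

def insert_bound(db, value):
    # Intended form: the value travels separately from the statement.
    db.execute("insert into a (b) values (?)", [value])

def rows(db):
    return [r[0] for r in db.execute("select b from a order by rowid")]

def compare(value):
    """Run both insert styles on fresh databases and report what was stored."""
    results = {}
    for name, fn in (("inlined", insert_inlined), ("bound", insert_bound)):
        db = make_db()
        try:
            fn(db, value)
            results[name] = rows(db)
        except sqlite3.Error as exc:
            results[name] = "error: %s" % type(exc).__name__
        finally:
            db.close()
    return results

# Constructed sample values: a plain word, a name containing a quote,
# and a value that closes the literal and appends a second row.
SAMPLES = ["testing", "O'Brien", "x'), ('y"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), compare(sample))
```

With the inlined form a quote in the data either breaks the statement or changes how many rows it inserts, while the bound form stores every sample verbatim as a single row.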