npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

cordova-sqlite-storage

v6.1.0

Published

Native interface to SQLite for PhoneGap / Cordova - cordova-sqlite-storage plugin version

Downloads

102,578

Readme

Cross-platform SQLite storage plugin for Cordova / PhoneGap - cordova-sqlite-storage plugin version

Native SQLite component with API based on HTML5/Web SQL (DRAFT) API for the following platforms:

  • browser
  • Android
  • iOS

and deprecated desktop platforms:

  • macOS ("osx" platform)
  • Windows 10 (UWP) DESKTOP ~~and MOBILE~~ (see below for major limitations)

The browser platform is now supported with the following options:

LICENSE: MIT, with Apache 2.0 option for Android and Windows platforms (see LICENSE.md for details, including third-party components used by this plugin)

WARNINGS

Comparison of supported plugin versions

| | Free license terms | Commercial license & support | | --- | --- | --- | | cordova-sqlite-storage - core plugin version | MIT (or Apache 2.0 on Android & Windows) | | | cordova-sqlite-ext - with extra features including BASE64 (SELECT BLOB in Base64 format), REGEXP, and pre-populated databases | MIT (or Apache 2.0 on Android & Windows) | | | cordova-sqlite-evcore-extbuild-free - plugin version with lighter resource usage in Android NDK | GPL v3 | available - see https://storesafe.io/ or contact [email protected] | | cordova-plugin-sqlite-evplus-ext-common-free - includes workaround for extra-large result data on Android and lighter resource usage on iOS, macOS, and in Android NDK | GPL v3 | available - see https://storesafe.io/ or contact [email protected] | | cordova-sqlcipher-adapter - includes encryption functionality using SQLCipher for Android/iOS/macOS | Permissive (see cordova-sqlcipher-adapter for details) | available - contact [email protected] | | cordova-sqlite-express-build-support - using built-in SQLite libraries on Android, iOS, and macOS - may be missing some important SQLite updates | MIT (or Apache 2.0 on Android & Windows) | available - contact [email protected] |

in progress

New SQLite plugin design with a simpler API with a working demo - see brodybits/ask-me-anything#3

Breaking changes coming soon

in an upcoming major release - see storesafe/cordova-sqlite-storage#922

some highlights:

  • error code will always be 0 (which is already the case on browser and Windows); actual SQLite3 error code will be part of the error message member whenever possible (see storesafe/cordova-sqlite-storage#821)
  • drop support for location: 0-2 values in openDatabase call (please use location: 'default' or iosDatabaseLocation setting in openDatabase as documented below)
  • throw an exception in case of androidDatabaseImplementation: 2 setting which is now superseded by androidDatabaseProvider: 'system' setting

under consideration:

About this plugin version

This is a common plugin version branch which supports the most widely used features and serves as the basis for other plugin versions.

This version branch uses a before_plugin_install hook to install sqlite3 library dependencies from cordova-sqlite-storage-dependencies via npm.

WARNING: Multiple SQLite problem on multiple platforms

Multiple SQLite problem on Android

This plugin uses non-standard android-sqlite-native-ndk-connector implementation with android-sqlite-ndk-native-driver on Android. In case an application access the same database using multiple plugins there is a risk of data corruption ref: storesafe/cordova-sqlite-storage#626) as described in http://ericsink.com/entries/multiple_sqlite_problem.html and https://www.sqlite.org/howtocorrupt.html.

The workaround is to use the androidDatabaseProvider: 'system' setting as described in the Android database provider section below:

var db = window.sqlitePlugin.openDatabase({
  name: 'my.db',
  location: 'default',
  androidDatabaseProvider: 'system'
});

Multiple SQLite problem on other platforms

This plugin version also uses a fixed version of sqlite3 on iOS, macOS, and Windows. In case the application accesses the same database using multiple plugins there is a risk of data corruption as described in https://www.sqlite.org/howtocorrupt.html (similar to the multiple sqlite problem for Android as described in http://ericsink.com/entries/multiple_sqlite_problem.html).

A quick tour

To open a database:

var db = null;

document.addEventListener('deviceready', function() {
  db = window.sqlitePlugin.openDatabase({
    name: 'my.db',
    location: 'default',
  });
});

IMPORTANT: Like with the other Cordova plugins your application must wait for the deviceready event. This is especially tricky in Angular/ngCordova/Ionic controller/factory/service callbacks which may be triggered before the deviceready event is fired.

Using DRAFT standard transaction API

To populate a database using the DRAFT standard transaction API:

  db.transaction(function(tx) {
    tx.executeSql('CREATE TABLE IF NOT EXISTS DemoTable (name, score)');
    tx.executeSql('INSERT INTO DemoTable VALUES (?,?)', ['Alice', 101]);
    tx.executeSql('INSERT INTO DemoTable VALUES (?,?)', ['Betty', 202]);
  }, function(error) {
    console.log('Transaction ERROR: ' + error.message);
  }, function() {
    console.log('Populated database OK');
  });

or using numbered parameters as documented in https://www.sqlite.org/c3ref/bind_blob.html:

  db.transaction(function(tx) {
    tx.executeSql('CREATE TABLE IF NOT EXISTS DemoTable (name, score)');
    tx.executeSql('INSERT INTO DemoTable VALUES (?1,?2)', ['Alice', 101]);
    tx.executeSql('INSERT INTO DemoTable VALUES (?1,?2)', ['Betty', 202]);
  }, function(error) {
    console.log('Transaction ERROR: ' + error.message);
  }, function() {
    console.log('Populated database OK');
  });

To check the data using the DRAFT standard transaction API:

  db.transaction(function(tx) {
    tx.executeSql('SELECT count(*) AS mycount FROM DemoTable', [], function(tx, rs) {
      console.log('Record count (expected to be 2): ' + rs.rows.item(0).mycount);
    }, function(tx, error) {
      console.log('SELECT error: ' + error.message);
    });
  });

Using plugin-specific API calls

NOTE: These samples will not work with alternative 3 for browser platform support discussed in the alternative browser platform usage notes section below.

To populate a database using the SQL batch API:

  db.sqlBatch([
    'CREATE TABLE IF NOT EXISTS DemoTable (name, score)',
    [ 'INSERT INTO DemoTable VALUES (?,?)', ['Alice', 101] ],
    [ 'INSERT INTO DemoTable VALUES (?,?)', ['Betty', 202] ],
  ], function() {
    console.log('Populated database OK');
  }, function(error) {
    console.log('SQL batch ERROR: ' + error.message);
  });

or using numbered parameters as documented in https://www.sqlite.org/c3ref/bind_blob.html:

  db.sqlBatch([
    'CREATE TABLE IF NOT EXISTS DemoTable (name, score)',
    [ 'INSERT INTO DemoTable VALUES (?1,?2)', ['Alice', 101] ],
    [ 'INSERT INTO DemoTable VALUES (?1,?2)', ['Betty', 202] ],
  ], function() {
    console.log('Populated database OK');
  }, function(error) {
    console.log('SQL batch ERROR: ' + error.message);
  });

To check the data using the single SQL statement API:

  db.executeSql('SELECT count(*) AS mycount FROM DemoTable', [], function(rs) {
    console.log('Record count (expected to be 2): ' + rs.rows.item(0).mycount);
  }, function(error) {
    console.log('SELECT SQL statement ERROR: ' + error.message);
  });

More detailed sample

See the Sample section below for a sample with a more detailed explanation (using the DRAFT standard transaction API).

Status

  • This plugin is not supported by PhoneGap Developer App or PhoneGap Desktop App.
  • A recent version of the Cordova CLI is recommended.
  • This plugin version uses a before_plugin_install hook to install sqlite3 library dependencies from cordova-sqlite-storage-dependencies via npm.
  • Use of other systems such as Cordova Plugman, PhoneGap CLI, PhoneGap Build, and Intel XDK is no longer supported by this plugin version since they do not honor the before_plugin_install hook. The supported solution is to use storesafe/cordova-sqlite-evcore-extbuild-free (GPL v3 or commercial license terms); deprecated alternative with permissive license terms is available at: brodybits/cordova-sqlite-legacy-build-support (very limited testing, very limited updates).
  • SQLite 3.40.0 included when building (all platforms), with the following compile-time definitions:
    • SQLITE_THREADSAFE=1 (SQLITE_THREADSAFE=0 for sql.js on browser platform)
    • SQLITE_DEFAULT_SYNCHRONOUS=3 (EXTRA DURABLE build setting) ref: storesafe/cordova-sqlite-storage#736 (except for sql.js on browser platform)
    • SQLITE_DEFAULT_MEMSTATUS=0 (except for sql.js on browser platform)
    • SQLITE_OMIT_DECLTYPE (except for sql.js on browser platform)
    • SQLITE_OMIT_DEPRECATED (except for sql.js on browser platform)
    • SQLITE_OMIT_PROGRESS_CALLBACK (except for sql.js on browser platform)
    • SQLITE_OMIT_SHARED_CACHE (except for sql.js on browser platform)
    • SQLITE_TEMP_STORE=2 (except for sql.js on browser platform)
    • SQLITE_OMIT_LOAD_EXTENSION
    • SQLITE_ENABLE_FTS3
    • SQLITE_ENABLE_FTS3_PARENTHESIS
    • SQLITE_ENABLE_FTS4
    • SQLITE_ENABLE_RTREE
    • SQLITE_DEFAULT_PAGE_SIZE=4096 - new default page size ref: http://sqlite.org/pgszchng2016.html
    • SQLITE_DEFAULT_CACHE_SIZE=-2000 (Android only) new default cache size ref: http://sqlite.org/pgszchng2016.html
    • SQLITE_OS_WINRT (Windows only)
    • NDEBUG on Windows (Release build only)
    • SQLITE_DISABLE_LFS for sql.js on browser platform only
  • SQLITE_DBCONFIG_DEFENSIVE flag is used for extra SQL safety on all platforms Android/iOS/macOS/Windows ref:
  • The iOS database location is now mandatory, as documented below.
  • This version branch supports the use of two (2) possible Android sqlite database implementations:
  • Support for WP8 along with Windows 8.1/Windows Phone 8.1/Windows 10 using Visual Studio 2015 is available in: brodybits/cordova-sqlite-legacy-build-support
  • The following features are available in brodybits/cordova-sqlite-ext:
    • REGEXP (Android/iOS/macOS)
    • SELECT BLOB data in Base64 format (Android/iOS/macOS/Windows)
    • Pre-populated database (Android/iOS/macOS/Windows)
  • Amazon Fire-OS is dropped due to lack of support by Cordova. Android platform version should be used to deploy to Fire-OS 5.0(+) devices. For reference: cordova/cordova-discuss#32 (comment)
  • The new browser platform implementation using sql-asm-memory-growth.js built from storesafe/sql.js (fork of sql-js/sql.js) has the following major limitations:
    • missing actual persistence
    • missing certain feature(s) such as R-Tree
    • INCONSISTENT error code (0)
    • Truncation issue with UNICODE \u0000 character (same as \0)
    • No background processing
    • multiple updates with key not supported properly, due to inability to create temporary transaction files
    • excess argument values ignored
    • error messages not always consistent in case of bogus API arguments on Chrome, Edge, or Firefox
    • Not possible to SELECT BLOB column values directly. It is recommended to use built-in HEX function to retrieve BLOB column values, which should work consistently across all platform implementations as well as (WebKit) Web SQL.
  • Windows platform version using a customized version of the performant doo/SQLite3-WinRT C++ component, based on brodybits/SQLite3-WinRT - sync-api-fix branch, with the following known limitations:
    • This plugin version branch has dependency on platform toolset libraries included by Visual Studio 2017 ref: storesafe/cordova-sqlite-storage#580. (Visual Studio 2019 is not supported with cordova-windows, see apache/cordova-windows#327.) Visual Studio 2015 is now supported by brodybits/cordova-sqlite-legacy (permissive license terms, no performance enhancements for Android) and brodybits/cordova-sqlite-evcore-legacy-ext-common-free (GPL v3 or commercial license terms, with performance enhancements for Android). UNTESTED workaround for Visual Studio 2015: it may be possible to support this plugin version on Visual Studio 2015 Update 3 by installing platform toolset v141.)
    • Visual Studio components needed: Universal Windows Platform development, C++ Universal Windows Platform tools. A recent version of Visual Studio 2017 will offer to install any missing feature components.
    • It is not possible to use this plugin with the default "Any CPU" target. A specific target CPU type must be specified when building an app with this plugin.
    • ARM target CPU for Windows Mobile is no longer supported.
    • The SQLite3-WinRT component in src/windows/SQLite3-WinRT-sync is based on doo/SQLite3-WinRT commit f4b06e6 from 2012, which is missing the asynchronous C++ API improvements. There is no background processing on the Windows platform.
    • Truncation issue with UNICODE \u0000 character (same as \0)
    • INCONSISTENT error code (0) and INCORRECT error message (missing actual error info) in error callbacks ref: storesafe/cordova-sqlite-storage#539
    • Not possible to SELECT BLOB column values directly. It is recommended to use built-in HEX function to retrieve BLOB column values, which should work consistently across all platform implementations as well as (WebKit) Web SQL. Non-standard BASE64 function to SELECT BLOB column values in Base64 format is supported by brodybits/cordova-sqlite-ext (permissive license terms) and storesafe/cordova-sqlite-evcore-extbuild-free (GPL v3 or commercial license terms).
    • now deprecated ref: https://github.com/apache/cordova-docs/pull/1118; https://lists.apache.org/thread/lqq2xoy3pjqcyl052gv0qom2f31zgg8k
    • Windows platform version uses UTF-16le internal database encoding while the other platform versions use UTF-8 internal encoding. (UTF-8 internal encoding is preferred ref: storesafe/cordova-sqlite-storage#652)
    • Known issue with database names that contain certain US-ASCII punctuation and control characters (see below)
  • The macOS platform version ("osx" platform) is supported with the following known limitations and issues:
  • Android platform versions supported: minimum: 5.1; see also: https://cordova.apache.org/docs/en/latest/guide/platforms/android/
  • iOS platform versions supported: see https://cordova.apache.org/docs/en/latest/guide/platforms/ios/index.html; see also deviations section below for differences between WKWebView (cordova-ios 6.0(+)) and UIWebView (cordova-ios pre-6.0)
  • FTS3, FTS4, and R-Tree features are tested and supported on all target platforms in this plugin version branch.
  • Default PRAGMA journal_mode setting (tested):
    • Android use of the androidDatabaseProvider: 'system' setting: persist (pre-8.0) / truncate (Android 8.0, 8.1, 10(+)) / wal (Android 9.0 Pie)
    • otherwise: delete
  • AUTO-VACUUM is not enabled by default. If no form of VACUUM or PRAGMA auto_vacuum is used then sqlite will automatically reuse deleted data space for new data but the database file will never shrink. For reference: http://www.sqlite.org/pragma.html#pragma_auto_vacuum and storesafe/cordova-sqlite-storage#646
  • In case of memory issues please use smaller transactions or use storesafe/cordova-sqlite-evcore-extbuild-free (GPL v3 or commercial license terms).

Announcements

Highlights

  • Drop-in replacement for HTML5/Web SQL (DRAFT) API: the only change should be to replace the static window.openDatabase() factory call with window.sqlitePlugin.openDatabase(), with parameters as documented below. Known deviations are documented in the deviations section below.
  • Failure-safe nested transactions with batch processing optimizations (according to HTML5/Web SQL (DRAFT) API)
  • Transaction API (based on HTML5/Web SQL (DRAFT) API) is designed for maximum flexiblibility, does not allow any transactions to be left hanging open.
  • As described in this posting:
    • Keeps sqlite database in known, platform specific user data location on all supported platforms (except for browser), which can be reconfigured on iOS/macOS. Whether or not the database on the iOS platform is synchronized to iCloud depends on the selected database location.
    • No arbitrary size limit. SQLite limits described at: http://www.sqlite.org/limits.html
  • Also validated for multi-page applications by internal test selfTest function.
  • This project is self-contained though with sqlite3 dependencies auto-fetched by npm. There are no dependencies on other plugins such as cordova-plugin-file.
  • Windows platform version uses a customized version of the performant doo/SQLite3-WinRT C++ component.
  • SQLCipher support for Android/iOS/macOS is available in: brodybits/cordova-sqlcipher-adapter
  • Intellectual property:
    • All source code is tracked to the original author in git
    • Major authors are tracked in AUTHORS.md
    • License of each component is tracked in LICENSE.md
    • History of this project is also described in HISTORY.md

TIP: It is possible to migrate from Cordova to a pure native solution and continue using the data stored by this plugin.

Getting started

Recommended prerequisites

  • Install a recent version of Cordova CLI, create a simple app with no plugins, and run it on the desired target platforms.
  • Add a very simple plugin such as cordova-plugin-dialogs or an echo plugin and get it working. Ideally you should be able to handle a callback with some data coming from a prompt.

These prereqisites are very well documented in a number of excellent resources including:

More resources can be found by https://www.google.com/search?q=cordova+tutorial. There are even some tutorials available on YouTube as well.

In addition, this guide assumes a basic knowledge of some key JavaScript concepts such as variables, function calls, and callback functions. There is an excellent explanation of JavaScript callbacks at http://cwbuecheler.com/web/tutorials/2013/javascript-callbacks/.

MAJOR TIPS: As described in the Installing section:

  • In case of extra-old Cordova CLI pre-7.0, it is recommended to use the --save flag when installing plugins to add them to config.xml / package.json. (This is automatic starting with Cordova CLI 7.0.)
  • Assuming that all plugins are added to config.xml or package.json, there is no need to commit the plugins subdirectory tree into the source repository.
  • In general it is not recommended to commit the platforms subdirectory tree into the source repository.

NOTICE: This plugin is only supported with the Cordova CLI. This plugin is not supported with other Cordova/PhoneGap systems such as PhoneGap CLI, PhoneGap Build, Plugman, Intel XDK, Webstorm, etc.

Alternative browser platform usage notes

As stated above the browser platform is now supported with features such as numbered parameters now working using storesafe/sql.js (fork of sql-js/sql.js), with no actual persistence.

Here are some alternative solutions for now that do support persistence, with features such as numbered paramters (?1, ?2, etc.) not supported:

  1. Use brodybits/sql-promise-helper as described in brodybits/sql-promise-helper#4
  2. Mocking on Ionic Native is possible as described in https://www.techiediaries.com/mocking-native-sqlite-plugin/ and https://medium.com/@tintin301/ionic-sqlite-storage-setting-up-for-browser-development-and-testing-67c0f17fc7af
  3. Open the database as follows:
if (window.cordova.platformId === 'browser') db = window.openDatabase('MyDatabase', '1.0', 'Data', 2*1024*1024);
else db = window.sqlitePlugin.openDatabase({name: 'MyDatabase.db', location: 'default'});

or more compactly:

db = (window.cordova.platformId === 'browser') ?
  window.openDatabase('MyDatabase', '1.0', 'Data', 2*1024*1024) :
  window.sqlitePlugin.openDatabase({name: 'MyDatabase.db', location: 'default'});

(lower limit needed to avoid extra permission request popup on Safari)

and limit database access to DRAFT standard transactions, no plugin-specific API calls:

  • no executeSql calls outside DRAFT standard transactions
  • no sqlBatch calls
  • no echoTest or selfTest possible
  • no deleteDatabase calls

This kind of usage on Safari and Chrome desktop browser (with (WebKit) Web SQL) is now covered by the spec test suite.

It would be ideal for the application code to abstract the part with the openDatabase() call away from the rest of the database access code.

Windows platform notes

Use of this plugin on the Windows platform is not always straightforward, due to the need to build the internal SQLite3 C++ library. The following tips are recommended for getting started with Windows:

  • First start to build and run an app on another platform such as Android, iOS, or even browser with this plugin.
  • Try working with a very simple app using simpler plugins such as cordova-plugin-dialogs and possibly cordova-plugin-file on the Windows platform.
  • Read through the Windows platform usage subsection (under the Installing section).
  • Then try adding this plugin to a very simple app such as brodybits/cordova-sqlite-test-app and running the Windows project in the Visual Studio GUI with a specific target CPU selected. WARNING: It is not possible to use this plugin with the "Any CPU" target.

Quick installation

Use the following command to install this plugin version from the Cordova CLI:

cordova plugin add cordova-sqlite-storage # --save RECOMMENDED for Cordova CLI pre-7.0

Add any desired platform(s) if not already present, for example:

cordova platform add android

OPTIONAL: prepare before building (MANDATORY for cordova-ios older than 4.3.0 (Cordova CLI 6.4.0))

cordova prepare

or to prepare for a single platform, Android for example:

cordova prepare android

Please see the Installing section for more details.

NOTE: The new brodybits/cordova-sqlite-test-app project includes the echo test, self test, and string test described below along with some more sample functions.

Self test

Try the following programs to verify successful installation and operation:

Echo test - verify successful installation and build:

document.addEventListener('deviceready', function() {
  window.sqlitePlugin.echoTest(function() {
    console.log('ECHO test OK');
  });
});

Self test - automatically verify basic database access operations including opening a database; basic CRUD operations (create data in a table, read the data from the table, update the data, and delete the data); close and delete the database:

document.addEventListener('deviceready', function() {
  window.sqlitePlugin.selfTest(function() {
    console.log('SELF test OK');
  });
});

NOTE: It may be easier to use a JavaScript or native alert function call along with (or instead of) console.log to verify that the installation passes both tests. Same for the SQL string test variations below. (Note that the Windows platform does not support the standard alert function, please use cordova-plugin-dialogs instead.)

SQL string test

This test verifies that you can open a database, execute a basic SQL statement, and get the results (should be TEST STRING):

document.addEventListener('deviceready', function() {
  var db = window.sqlitePlugin.openDatabase({name: 'test.db', location: 'default'});
  db.transaction(function(tr) {
    tr.executeSql("SELECT upper('Test string') AS upperString", [], function(tr, rs) {
      console.log('Got upperString result: ' + rs.rows.item(0).upperString);
    });
  });
});

Here is a variation that uses a SQL parameter instead of a string literal:

document.addEventListener('deviceready', function() {
  var db = window.sqlitePlugin.openDatabase({name: 'test.db', location: 'default'});
  db.transaction(function(tr) {
    tr.executeSql('SELECT upper(?) AS upperString', ['Test string'], function(tr, rs) {
      console.log('Got upperString result: ' + rs.rows.item(0).upperString);
    });
  });
});

Moving forward

It is recommended to read through the usage and sample sections before building more complex applications. In general it is recommended to start by doing things one step at a time, especially when an application does not work as expected.

The brodybits/cordova-sqlite-test-app sample is intended to be a boilerplate to reproduce and demonstrate any issues you may have with this plugin. You may also use it as a starting point to build a new app.

In case you get stuck with something please read through the support section and follow the instructions before raising an issue. Professional support is also available by contacting: [email protected]

Plugin usage examples and tutorials

Simple example:

Tutorials:

PITFALL WARNING: A number of tutorials show up in search results that use Web SQL database instead of this plugin.

WANTED: simple, working CRUD tutorial sample ref: storesafe/cordova-sqlite-storage#795

SQLite resources

Some other Cordova resources

Some apps using this plugin

Security

Security of sensitive data

According to Web SQL Database API 7.2 Sensitivity of data:

User agents should treat persistently stored data as potentially sensitive; it's quite possible for e-mails, calendar appointments, health records, or other confidential documents to be stored in this mechanism.

To this end, user agents should ensure that when deleting data, it is promptly deleted from the underlying storage.

Unfortunately this plugin will not actually overwrite the deleted content unless the secure_delete PRAGMA is used.

SQL injection

As "strongly recommended" by Web SQL Database API 8.5 SQL injection:

Authors are strongly recommended to make use of the ? placeholder feature of the executeSql() method, and to never construct SQL statements on the fly.

Avoiding data loss

  • Double-check that the application code follows the documented API for SQL statements, parameter values, success callbacks, and error callbacks.
  • For standard Web SQL transactions include a transaction error callback with the proper logic that indicates to the user if data cannot be stored for any reason. In case of individual SQL error handlers be sure to indicate to the user if there is any issue with storing data.
  • For single statement and batch transactions include an error callback with logic that indicates to the user if data cannot be stored for any reason.

Deviations

Some known deviations from the Web SQL database standard

  • The window.sqlitePlugin.openDatabase static factory call takes a different set of parameters than the standard Web SQL window.openDatabase static factory call. In case you have to use existing Web SQL code with no modifications please see the Web SQL replacement tip below.
  • This plugin does not support the database creation callback or standard database versions. Please read the Database schema versions section below for tips on how to support database schema versioning.
  • This plugin does not support the synchronous Web SQL interfaces.
  • Known issues with handling of certain ASCII/UNICODE characters as described below.
  • It is possible to request a SQL statement list such as "SELECT 1; SELECT 2" within a single SQL statement string, however the plugin will only execute the first statement and silently ignore the others ref: storesafe/cordova-sqlite-storage#551
  • It is possible to insert multiple rows like: transaction.executeSql('INSERT INTO MyTable VALUES (?,?),(?,?)', ['Alice', 101, 'Betty', 102]); which was not supported by SQLite 3.6.19 as referenced by Web SQL (DRAFT) API section 5. The iOS WebKit Web SQL implementation seems to support this as well.
  • Unlike the HTML5/Web SQL (DRAFT) API this plugin handles executeSql calls with too few parameters without error reporting. In case of too many parameters this plugin reports error code 0 (SQLError.UNKNOWN_ERR) while Android/iOS (WebKit) Web SQL correctly reports error code 5 (SQLError.SYNTAX_ERR) ref: https://www.w3.org/TR/webdatabase/#dom-sqlexception-code-syntax
  • Positive and negative Infinity SQL parameter argument values are treated like null by this plugin on Android and iOS ref: storesafe/cordova-sqlite-storage#405
  • Positive and negative Infinity result values cause a crash on iOS/macOS cases ref: storesafe/cordova-sqlite-storage#405
  • Known issue(s) with of certain ASCII/UNICODE characters as described below.
  • Boolean true and false values are handled by converting them to the "true" and "false" TEXT string values, same as WebKit Web SQL on Android and iOS. This does not seem to be 100% correct as discussed in: storesafe/cordova-sqlite-storage#545
  • A number of uncategorized errors such as CREATE VIRTUAL TABLE USING bogus module are reported with error code 5 (SQLError.SYNTAX_ERR) on Android/iOS/macOS by both (WebKit) Web SQL and this plugin.
  • Error is reported with error code of 0 on Windows as well as Android with the androidDatabaseProvider: 'system' setting described below.
  • In case of an issue that causes an API function to throw an exception (Android/iOS WebKit) Web SQL includes includes a code member with value of 0 (SQLError.UNKNOWN_ERR) in the exception while the plugin includes no such code member.
  • This plugin supports some non-standard features as documented below.
  • SELECT with BLOB data such as SELECT LOWER(X'40414243') AS myresult, SELECT X'40414243' AS myresult, or SELECT of data stored by INSERT INTO MyTable VALUES (X'40414243') returns nonsense results on browser and results in an error on Android with use of androidDatabaseProvider: 'system' setting and Windows. (These work with Android/iOS WebKit Web SQL and have been supported by SQLite for a number of years.)
  • Whole number parameter argument values such as 42, -101, or 1234567890123 are handled as INTEGER values by this plugin on browser, Android, iOS (cordova-ios pre-6.0), and Windows while they are handled as REAL values by (WebKit) Web SQL and by this plugin on iOS with WKWebView (cordova-ios 6.0(+)) or macOS ("osx"). This is evident in certain test operations such as SELECT ? as myresult or SELECT TYPEOF(?) as myresult and storage in a field with TEXT affinity.
  • INTEGER, REAL, +/- Infinity, NaN, null, undefined parameter argument values are handled as TEXT string values on Android with use of the androidDatabaseProvider: 'system' setting. (This is evident in certain test operations such as SELECT ? as myresult or SELECT TYPEOF(?) as myresult and storage in a field with TEXT affinity.)
  • In case of invalid transaction callback arguments such as string values the plugin attempts to execute the transaction while (WebKit) Web SQL would throw an exception.
  • The plugin handles invalid SQL arguments array values such as false, true, or a string as if there were no arguments while (WebKit) Web SQL would throw an exception. NOTE: In case of a function in place of the SQL arguments array WebKit Web SQL would report a transaction error while the plugin would simply ignore the function.
  • In case of invalid SQL callback arguments such as string values the plugin may execute the SQL and signal transaction success or failure while (WebKit) Web SQL would throw an exception.
  • In certain cases such as transaction.executeSql(null) or transaction.executeSql(undefined) the plugin throws an exception while (WebKit) Web SQL indicates a transaction failure.
  • In certain cases such as transaction.executeSql() with no arguments (Android/iOS WebKit) Web SQL includes includes a code member with value of 0 (SQLError.UNKNOWN_ERR) in the exception while the plugin includes no such code member.
  • If the SQL arguments are passed in an Array subclass object where the constructor does not point to Array then the SQL arguments are ignored by the plugin.
  • The results data objects are not immutable as specified/implied by Web SQL (DRAFT) API section 4.5.
  • This plugin supports use of numbered parameters (?1, ?2, etc.) as documented in https://www.sqlite.org/c3ref/bind_blob.html, not supported by HTML5/Web SQL (DRAFT) API ref: Web SQL (DRAFT) API section 4.2.
  • In case of UPDATE this plugin reports insertId with the result of sqlite3_last_insert_rowid() (except for Android with androidDatabaseProvider: 'system' setting) while attempt to access insertId on the result set database opened by HTML5/Web SQL (DRAFT) API results in an exception.

Security of deleted data

See Security of sensitive data in the Security section above.

Other differences with WebKit Web SQL implementations

  • FTS3 is not consistently supported by (WebKit) Web SQL on Android/iOS.
  • FTS4 and R-Tree are not consistently supported by (WebKit) Web SQL on Android/iOS or desktop browser.
  • In case of ignored INSERT OR IGNORE statement WebKit Web SQL (Android/iOS) reports insertId with an old INSERT row id value while the plugin reports insertId: undefined.
  • In case of a SQL error handler that does not recover the transaction, WebKit Web SQL (Android/iOS) would incorrectly report error code 0 while the plugin would report the same error code as in the SQL error handler. (In case of an error with no SQL error handler then Android/iOS WebKit Web SQL would report the same error code that would have been reported in the SQL error hander.)
  • In case a transaction function throws an exception, the message and code if present are reported by the plugin but not by (WebKit) Web SQL.
  • SQL error messages are inconsistent on Windows.
  • There are some other differences in the SQL error messages reported by WebKit Web SQL and this plugin.

Known issues

  • The iOS/macOS platform versions do not support certain rapidly repeated open-and-close or open-and-delete test scenarios due to how the implementation handles background processing
  • Non-standard encoding of emojis and other 4-byte UTF-8 characters on Android pre-6.0 with default Android NDK implementation ref: storesafe/cordova-sqlite-storage#564 (this is not an issue when using the androidDatabaseProvider: 'system' setting)
  • It is possible to request a SQL statement list such as "SELECT 1; SELECT 2" within a single SQL statement string, however the plugin will only execute the first statement and silently ignore the others ref: storesafe/cordova-sqlite-storage#551
  • Execution of INSERT statement that affects multiple rows (due to SELECT cause or using TRIGGER(s), for example) reports incorrect rowsAffected on Android with use of the androidDatabaseProvider: 'system' setting.
  • Memory issue observed when adding a large number of records due to the JSON implementation which is improved in storesafe/cordova-sqlite-evcore-extbuild-free (GPL v3 or commercial license terms)
  • Infinity (positive or negative) values are not supported on Android/iOS/macOS due to issues described above including a possible crash on iOS/macOS ref: storesafe/cordova-sqlite-storage#405
  • A stability issue was reported on the iOS platform version when in use together with SockJS client such as pusher/pusher-js at the same time (see storesafe/cordova-sqlite-storage#196). The workaround is to call sqlite functions and SockJS client functions in separate ticks (using setTimeout with 0 timeout).
  • SQL errors are reported with incorrect & inconsistent error message on Windows - missing actual error info ref: storesafe/cordova-sqlite-storage#539.
  • Close/delete database bugs described below.
  • PRAGMA database_list reports nonsense database file name on browser platform.
  • When a database is opened and deleted without closing, the iOS/macOS platform version is known to leak resources.
  • It is NOT possible to open multiple databases with the same name but in different locations (iOS/macOS platform version).

Some additional issues are tracked in open cordova-sqlite-storage bug-general issues.

Other limitations

  • ~~The db version, display name, and size parameter values are not supported and will be ignored.~~ (No longer supported by the API)
  • Absolute and relative subdirectory path(s) are not tested or supported.
  • This plugin will not work before the callback for the 'deviceready' event has been fired, as described in Usage. (This is consistent with the other Cordova plugins.)
  • Some extremely large records may not work with this plugin version, especially on Android. It is recommended to store images and similar binary data in separate files. A workaround for extra-large result data on Android is available in storesafe/cordova-plugin-sqlite-evplus-ext-common-free (GPL v3 or commercial license terms).
  • This plugin version will not work within a web worker (not properly supported by the Cordova framework). Use within a web worker is supported for Android/iOS/macOS in litehelpers/cordova-sqlite-evmax-ext-workers-legacy-build-free (GPL v3 or special premium commercial license terms).
  • In-memory database db=window.sqlitePlugin.openDatabase({name: ':memory:', ...}) is currently not supported.
  • The Android platform version cannot properly support more than 100 open database files due to the threading model used.
  • SQL error messages reported by Windows platform version are not consistent with Android/iOS/macOS platform versions.
  • SQL error messages reported on browser platform are not always consistent on Chrome, Edge, or Firefox in case of bogus API arguments.
  • UNICODE \u2028 (line separator) and \u2029 (paragraph separator) characters are currently not supported and known to be broken on iOS, macOS, and Android platform versions due to JSON issues reported in apache/cordova-ios#402 and cordova/cordova-discuss#57. This is fixed with a workaround for iOS/macOS in: litehelpers/Cordova-sqlite-evplus-legacy-free and litehelpers/Cordova-sqlite-evplus-legacy-attach-detach-free (GPL v3 or special commercial license terms) as well as litehelpers/cordova-sqlite-evmax-ext-workers-legacy-build-free (GPL v3 or premium commercial license terms).
  • SELECT BLOB column value type is not supported consistently across all platforms (not supported on Windows; nonsense result on browser platform). It is recommended to use the built-in HEX function to SELECT BLOB column data in hexadecimal format, working consistently across all platforms. As an alternative: SELECT BLOB in Base64 format is supported by brodybits/cordova-sqlite-ext (permissive license terms) and storesafe/cordova-sqlite-evcore-extbuild-free (GPL v3 or commercial license options).
  • Database files with certain multi-byte UTF-8 characters are not tested and not expected to work consistently across all platform implementations.
  • Issues with UNICODE \u0000 character (same as \0):
  • Case-insensitive matching and other string manipulations on Unicode characters, which is provided by optional ICU integration in the sqlite source and working with recent versions of Android, is not supported for any target platforms.
  • The iOS/macOS platform version uses a thread pool but with only one thread working at a time due to "synchronized" database access.
  • Some large query results may be slow, also due to the JSON implementation.
  • ATTACH to another database file is not supported by this version branch. Attach/detach is supported for Android, iOS, and macOS (along with the memory and iOS UNICODE \u2028 line separator / \u2029 paragraph separator fixes) in litehelpers/Cordova-sqlite-evplus-legacy-attach-detach-free (GPL v3 or special commercial license terms).
  • UPDATE/DELETE with LIMIT or ORDER BY is not supported.
  • WITH clause is not supported on some older Android platform versions in case the androidDatabaseProvider: 'system' setting is used.
  • User-defined savepoints are not supported and not expected to be compatible with the transaction locking mechanism used by this plugin. In addition, the use of BEGIN/COMMIT/ROLLBACK statements is not supported.
  • Issues have been reported with using this plugin together with the now unsupported Crosswalk for Android, especially on x86_64 CPU (storesafe/cordova-sqlite-storage#336). Please see storesafe/cordova-sqlite-storage#336 (comment) for workaround on x64 CPU. In addition it may be helpful to install Crosswalk as a plugin instead of using Crosswalk to create a project that will use this plugin.
  • Does not work with axemclion/react-native-cordova-plugin since the window.sqlitePlugin object is NOT properly exported (ES5 feature). It is recommended to use andpor/react-native-sqlite-storage for SQLite database access with React Native Android/iOS instead.
  • Does not support named parameters (?NNN/:AAA/@AAAA/$AAAA parameter placeholders as documented in https://www.sqlite.org/lang_expr.html#varparam and https://www.sqlite.org/c3ref/bind_blob.html) ref: storesafe/cordova-sqlite-storage#717
  • User defined functions not supported, due to problems described in storesafe/cordova-sqlite-storage#741

Additional limitations are tracked in marked cordova-sqlite-storage doc-todo issues.

Further testing needed

Some tips and tricks

  • In case of issues with code that follows the asynchronous Web SQL transaction API, it is possible to test with a test database using window.openDatabase for comparison with (WebKit) Web SQL.
  • In case your database schema may change, it is recommended to keep a table with one row and one column to keep track of your own schema version number. It is possible to add it later. The recommended schema update procedure is described below.

Pitfalls

Extremely common pitfall(s)

IMPORTANT: A number of tutorials and samples in search results suffer from the following pitfall:

  • If a database is opened using the standard window.openDatabase call it will not have any of the benefits of this plugin and features such as the sqlBatch call would not be available.

Common update pitfall(s)

  • Updates such as database schema changes, migrations from use of Web SQL, migration between data storage formats must be handled with extreme care. It is generally extremely difficult or impossible to predict when users will install application updates. Upgrades from old database schemas and formats must be supported for a very long time.

Other common pitfall(s)

  • It is NOT allowed to execute sql statements on a transaction that has already finished, as described below. This is consistent with the HTML5/Web SQL (DRAFT) API.
  • The plugin class name starts with "SQL" in capital letters, but in Javascript the sqlitePlugin object name starts with "sql" in small letters.
  • Attempting to open a database before receiving the 'deviceready' event callback.
  • Inserting STRING into ID field
  • Auto-vacuum is NOT enabled by default. It is recommended to periodically VACUUM the database. If no form of VACUUM or PRAGMA auto_vacuum is used then sqlite will automatically reuse deleted data space for new data but the database file will never shrink. For reference: http://www.sqlite.org/pragma.html#pragma_auto_vacuum and storesafe/cordova-sqlite-storage#646
  • Transactions on a database are run sequentially. A large transaction could block smaller transactions requested afterwards.

Some weird pitfall(s)

Angular/ngCordova/Ionic-related pitfalls

Windows platform pitfalls

  • This plugin does not work with the default "Any CPU" target. A specific, valid CPU target platform must be specified.
  • It is not allowed to change the app ID in the Windows platform project. As described in the Windows platform usage of the Installing section a Windows-specific app ID may be declared using the windows-identity-name attribute or "WindowsStoreIdentityName" setting.
  • A problem locating SQLite3.md generally means that there was a problem building the C++ library.
  • Visual Studio 2015 is no longer supported by this plugin version. Visual Studio 2015 is now supported by brodybits/cordova-sqlite-legacy (for Windows 8.1, Windows Phone 8.1, and Windows 10 builds).

General Cordova pitfalls

Documented in: brodybits/Avoiding-some-Cordova-pitfalls

General SQLite pitfalls

From https://www.sqlite.org/datatype3.html#section_1:

SQLite uses a more general dynamic type system.

This is generally nice to have, especially in conjunction with a dynamically typed language such as JavaScript. Here are some major SQLite data typing principles:

  • From https://www.sqlite.org/datatype3.html#section_3: the CREATE TABLE SQL statement declares each column with one of the following type affinities: TEXT, NUMERIC, INTEGER, REAL, or BLOB.
  • From https://www.sqlite.org/datatype3.html#section_3_1 with column type affinity determination rules: it should be possible to do CREATE TABLE with columns of almost any type name (for example: CREATE TABLE MyTable (data ABC);) and each column type affinity is determined according to pattern matching. If a declared column type