search

storesafe / cordova-sqlcipher-adapter

A Cordova/PhoneGap plugin to create and access encrypted databases on Android, iOS, and Windows with API similar to HTML5/Web SQL API
Other
89 stars 55 forks source link

readme

Cordova/PhoneGap SQLCipher adapter plugin - maintenance only

Native interface to SQLCipher version 4 in a Cordova/PhoneGap plugin with API based on HTML5/Web SQL (DRAFT) API for the following platforms:

Plugin version 0.2.x (with known security issues) is required for SQLCipher 3 support. For future consideration: support migration between SQLCipher 3 and SQLCipher 4 (brodybits/cordova-sqlcipher-adapter#83). Note that this project is currently not under active development, see brodybits/cordova-sqlcipher-adapter#81.

LICENSE: MIT, with Apache 2.0 option for Android and disabled Windows platforms (see LICENSE.md for details, including third-party components used by this plugin)

NOTICE: Extra-old armeabi CPU for Android pre-5.0 is no longer supported by this plugin version.

IMPORTANT WARNING NOTICES

Comparison of supported plugin versions

Free license terms Commercial license & support
cordova-sqlite-storage - core plugin version MIT (or Apache 2.0 on Android & Windows)
cordova-sqlite-express-build-support - using built-in SQLite libraries on Android, iOS, and macOS MIT (or Apache 2.0 on Android & Windows)
cordova-sqlite-ext - with extra features including BASE64, REGEXP, and pre-populated databases MIT (or Apache 2.0 on Android & Windows)
cordova-sqlite-evcore-extbuild-free - plugin version with lighter resource usage in Android NDK GPL v3 available, see https://xpbrew.consulting/
cordova-plugin-sqlite-evplus-ext-common-free - includes workaround for extra-large result data on Android and lighter resource usage on iOS, macOS, and in Android NDK GPL v3 available, see https://xpbrew.consulting/

COMING SOON

New SQLite plugin design with a simpler API is in progress with a working demo - see brodybits/ask-me-anything#3

Breaking changes coming soon

in an upcoming major release - see xpbrew/cordova-sqlite-storage#922

some highlights:

under consideration:

About this plugin version

TBD

GENERAL STATUS:

This project is under maintenance for security, data loss risk, and other critical issues at this point (brodybits/cordova-sqlcipher-adapter#81). Active development may be resumed someday in the future, in case of sufficient interest from the user community. For priority feature requirements please contact sales@litehelpers.net for estimation and discussion.

Multiple database problem on Android

This plugin uses SQLCipher for Android which is a non-standard SQLite implementation on Android (a fork of sqlcipher/android-database-sqlcipher). In case an application access the same database using multiple plugins there is a risk of data corruption (see xpbrew/cordova-sqlite-storage#626), as described in http://ericsink.com/entries/multiple_sqlite_problem.html and https://www.sqlite.org/howtocorrupt.html.)

Multiple database access problem on other platforms

This plugin version also uses SQLCipher which is based on a particular version of sqlite3 on iOS, macOS, and Windows. In case the application accesses the SAME database using multiple plugins there is a risk of data corruption as described in https://www.sqlite.org/howtocorrupt.html (similar to the multiple sqlite problem for Android as described in http://ericsink.com/entries/multiple_sqlite_problem.html).

Additional notice

Windows platform support is now disabled in this plugin version, with CRYPTO provider (libTomCrypt) completely removed. This plugin version is no longer tested on Windows. For future consideration: enable Windows build again with encryption using a recent build of the OpenSSL crypto library

A quick tour

To open a database:

var db = null;

document.addEventListener('deviceready', function() {
  db = window.sqlitePlugin.openDatabase({
    name: 'my-encrypted.db',
    key: 'user-password-here',
    location: 'default'
  });
});

IMPORTANT: Like with the other Cordova plugins your application must wait for the deviceready event. This is especially tricky in Angular/ngCordova/Ionic controller/factory/service callbacks which may be triggered before the deviceready event is fired.

Using DRAFT standard transaction API

To populate a database using the DRAFT standard transaction API:

  db.transaction(function(tx) {
    tx.executeSql('CREATE TABLE IF NOT EXISTS DemoTable (name, score)');
    tx.executeSql('INSERT INTO DemoTable VALUES (?,?)', ['Alice', 101]);
    tx.executeSql('INSERT INTO DemoTable VALUES (?,?)', ['Betty', 202]);
  }, function(error) {
    console.log('Transaction ERROR: ' + error.message);
  }, function() {
    console.log('Populated database OK');
  });

or using numbered parameters as documented in https://www.sqlite.org/c3ref/bind_blob.html:

  db.transaction(function(tx) {
    tx.executeSql('CREATE TABLE IF NOT EXISTS DemoTable (name, score)');
    tx.executeSql('INSERT INTO DemoTable VALUES (?1,?2)', ['Alice', 101]);
    tx.executeSql('INSERT INTO DemoTable VALUES (?1,?2)', ['Betty', 202]);
  }, function(error) {
    console.log('Transaction ERROR: ' + error.message);
  }, function() {
    console.log('Populated database OK');
  });

To check the data using the DRAFT standard transaction API:

  db.transaction(function(tx) {
    tx.executeSql('SELECT count(*) AS mycount FROM DemoTable', [], function(tx, rs) {
      console.log('Record count (expected to be 2): ' + rs.rows.item(0).mycount);
    }, function(tx, error) {
      console.log('SELECT error: ' + error.message);
    });
  });

Using plugin-specific API calls

To populate a database using the SQL batch API:

  db.sqlBatch([
    'CREATE TABLE IF NOT EXISTS DemoTable (name, score)',
    [ 'INSERT INTO DemoTable VALUES (?,?)', ['Alice', 101] ],
    [ 'INSERT INTO DemoTable VALUES (?,?)', ['Betty', 202] ],
  ], function() {
    console.log('Populated database OK');
  }, function(error) {
    console.log('SQL batch ERROR: ' + error.message);
  });

or using numbered parameters as documented in https://www.sqlite.org/c3ref/bind_blob.html:

  db.sqlBatch([
    'CREATE TABLE IF NOT EXISTS DemoTable (name, score)',
    [ 'INSERT INTO DemoTable VALUES (?1,?2)', ['Alice', 101] ],
    [ 'INSERT INTO DemoTable VALUES (?1,?2)', ['Betty', 202] ],
  ], function() {
    console.log('Populated database OK');
  }, function(error) {
    console.log('SQL batch ERROR: ' + error.message);
  });

To check the data using the single SQL statement API:

  db.executeSql('SELECT count(*) AS mycount FROM DemoTable', [], function(rs) {
    console.log('Record count (expected to be 2): ' + rs.rows.item(0).mycount);
  }, function(error) {
    console.log('SELECT SQL statement ERROR: ' + error.message);
  });

More detailed sample

See the Sample section for a sample with a more detailed explanation (using the DRAFT standard transaction API).

Status

Announcements

Highlights

TIP: It is possible to migrate from Cordova to a pure native solution and continue using the data stored by this plugin.

Getting started

Recommended prerequisites

These prereqisites are very well documented in a number of excellent resources including:

More resources can be found by https://www.google.com/search?q=cordova+tutorial. There are even some tutorials available on YouTube as well.

In addition, this guide assumes a basic knowledge of some key JavaScript concepts such as variables, function calls, and callback functions. There is an excellent explanation of JavaScript callbacks at http://cwbuecheler.com/web/tutorials/2013/javascript-callbacks/.

MAJOR TIPS: As described in the Installing section:

NOTICE: This plugin is only supported with the Cordova CLI. This plugin is not supported with other Cordova/PhoneGap systems such as PhoneGap CLI, PhoneGap Build, Plugman, Intel XDK, Webstorm, etc.

Quick installation

Use the following command to install this plugin version from the Cordova CLI:

cordova plugin add cordova-sqlcipher-adapter # --save RECOMMENDED for Cordova CLI pre-7.0

Add any desired platform(s) if not already present, for example:

cordova platform add android

OPTIONAL: prepare before building (MANDATORY for cordova-ios older than 4.3.0 (Cordova CLI 6.4.0))

cordova prepare

or to prepare for a single platform, Android for example:

cordova prepare android

Please see the Installing section for more details.

NOTE: The new brodybits / cordova-sqlite-test-app project includes the echo test, self test, and string test described below along with some more sample functions.

Self test

Try the following programs to verify successful installation and operation:

Echo test - verify successful installation and build:

document.addEventListener('deviceready', function() {
  window.sqlitePlugin.echoTest(function() {
    console.log('ECHO test OK');
  });
});

Self test - automatically verify basic database access operations including opening a database; basic CRUD operations (create data in a table, read the data from the table, update the data, and delete the data); close and delete the database:

document.addEventListener('deviceready', function() {
  window.sqlitePlugin.selfTest(function() {
    console.log('SELF test OK');
  });
});

NOTE: It may be easier to use a JavaScript or native alert function call along with (or instead of) console.log to verify that the installation passes both tests. Same for the SQL string test variations below. (Note that the Windows platform does not support the standard alert function, please use cordova-plugin-dialogs instead.)

SQL string test

This test verifies that you can open a database, execute a basic SQL statement, and get the results (should be TEST STRING):

document.addEventListener('deviceready', function() {
  var db = window.sqlitePlugin.openDatabase({name: 'test.db', key: 'user-password', location: 'default'});
  db.transaction(function(tr) {
    tr.executeSql("SELECT upper('Test string') AS upperString", [], function(tr, rs) {
      console.log('Got upperString result: ' + rs.rows.item(0).upperString);
    });
  });
});

Here is a variation that uses a SQL parameter instead of a string literal:

document.addEventListener('deviceready', function() {
  var db = window.sqlitePlugin.openDatabase({name: 'test.db', key: 'user-password', location: 'default'});
  db.transaction(function(tr) {
    tr.executeSql('SELECT upper(?) AS upperString', ['Test string'], function(tr, rs) {
      console.log('Got upperString result: ' + rs.rows.item(0).upperString);
    });
  });
});

Moving forward

It is recommended to read through the usage and sample sections before building more complex applications. In general it is recommended to start by doing things one step at a time, especially when an application does not work as expected.

The new brodybits / cordova-sqlite-test-app sample is intended to be a boilerplate to reproduce and demonstrate any issues you may have with this plugin. You may also use it as a starting point to build a new app.

In case you get stuck with something please read through the support section and follow the instructions before raising an issue. Professional support is also available by contacting: sales@xpbrew.consulting

Plugin usage examples and tutorials

Simple example:

FUTURE TODO (WANTED): samples using this plugin version (with encryption)

WITHOUT SQLCIPHER:

Tutorials:

FUTURE TODO (WANTED): tutorials using this plugin version (with encryption)

WITHOUT SQLCIPHER:

PITFALL WARNING: A number of tutorials show up in search results that use Web SQL database instead of this plugin.

WANTED: simple, working CRUD tutorial sample ref: xpbrew/cordova-sqlite-storage#795

SQLite resources

Some other Cordova resources

Some apps using Cordova SQLCipher adapter plugin version

TBD YOUR APP HERE

Security

Security of sensitive data

According to Web SQL Database API 7.2 Sensitivity of data:

User agents should treat persistently stored data as potentially sensitive; it's quite possible for e-mails, calendar appointments, health records, or other confidential documents to be stored in this mechanism.

To this end, user agents should ensure that when deleting data, it is promptly deleted from the underlying storage.

Unfortunately this plugin will not actually overwrite the deleted content unless the secure_delete PRAGMA is used.

SQL injection

As "strongly recommended" by Web SQL Database API 8.5 SQL injection:

Authors are strongly recommended to make use of the ? placeholder feature of the executeSql() method, and to never construct SQL statements on the fly.

Avoiding data loss

Deviations

Some known deviations from the Web SQL database standard

Security of deleted data

See Security of sensitive data in the Security section above.

Other differences with WebKit Web SQL implementations

Known issues

Some additional issues are tracked in open cordova-sqlite-storage bug-general issues and open Cordova-sqlcipher-adapter bug-general issues.

Other limitations

Additional limitations are tracked in cordova-sqlite-help doc-todo issues, cordova-sqlite-storage doc-todo issues, and cordova-sqlcipher-adapter doc-todo issues.

Further testing needed

Some tips and tricks

Pitfalls

Extremely common pitfall(s)

IMPORTANT: A number of tutorials and samples in search results suffer from the following pitfall:

Common update pitfall(s)

Other common pitfall(s)

Some weird pitfall(s)

Angular/ngCordova/Ionic-related pitfalls

General Cordova pitfalls

Documented in: brodybits / Avoiding-some-Cordova-pitfalls

General SQLite pitfalls

From https://www.sqlite.org/datatype3.html#section_1:

SQLite uses a more general dynamic type system.

This is generally nice to have, especially in conjunction with a dynamically typed language such as JavaScript. Here are some major SQLite data typing principles:

However there are some possible gotchas:

  1. From https://www.sqlite.org/datatype3.html#section_3_2:

    Note that a declared type of "FLOATING POINT" would give INTEGER affinity, not REAL affinity, due to the "INT" at the end of "POINT". And the declared type of "STRING" has an affinity of NUMERIC, not TEXT.

  2. From ibid: a column declared as "DATETIME" has NUMERIC affinity, which gives no hint whether an INTEGER Unix time value, a REAL Julian time value, or possibly even a TEXT ISO8601 date/time string may be stored (further refs: https://www.sqlite.org/datatype3.html#section_2_2, https://www.sqlite.org/datatype3.html#section_3)

From https://groups.google.com/forum/#!topic/phonegap/za7z51_fKRw, as discussed in xpbrew/cordova-sqlite-storage#546: it was discovered that are some more points of possible confusion with date/time. For example, there is also a datetime function that returns date/time in TEXT string format. This should be considered a case of "DATETIME" overloading since SQLite is not case sensitive. This could really become confusing if different programmers or functions consider date/time to be stored in different ways.

FUTURE TBD: Proper date/time handling will be further tested and documented at some point.

Major TODOs

For future considertion

Alternatives

NOTE: None of the other alternatives currently support SQLCipher.

Comparison of sqlite plugin versions

Other SQLite access projects

Alternative storage solutions

Usage

Self-test functions

To verify that both the Javascript and native part of this plugin are installed in your application:

window.sqlitePlugin.echoTest(successCallback, errorCallback);

To verify that this plugin is able to open a database (named ___$$$___litehelpers___$$$___test___$$$___.db), execute the CRUD (create, read, update, and delete) operations, and clean it up properly:

window.sqlitePlugin.selfTest(successCallback, errorCallback);

IMPORTANT: Please wait for the 'deviceready' event (see below for an example).

General

NOTE: If a sqlite statement in a transaction fails with an error, the error handler must return false in order to recover the transaction. This is correct according to the HTML5/Web SQL (DRAFT) API standard. This is different from the WebKit implementation of Web SQL in Android and iOS which recovers the transaction if a sql error hander returns a truthy value.

See the Sample section for a sample with detailed explanations.

Opening a database

To open a database access handle object (in the new default location):

var db = window.sqlitePlugin.openDatabase({name: 'my.db',
  key: 'user-password-here',
  location: 'default'
}, successcb, errorcb);

WARNING: The new "default" location value is different from the old default location used until March 2016 and would break an upgrade for an app that was using the old default setting (location: 0, same as using iosDatabaseLocation: 'Documents') on iOS. The recommended solution is to continue to open the database from the same location, using iosDatabaseLocation: 'Documents'.

WARNING 2: As described above: by default this plugin uses a _non-standard SQLCipher database implementation on Android (https://github.com/sqlcipher/android-database-sqlcipher). In case an application access the same database using multiple plugins there is a risk of data corruption ref: xpbrew/cordova-sqlite-storage#626) as described in http://ericsink.com/entries/multiple_sqlite_problem.html and https://www.sqlite.org/howtocorrupt.html._

To specify a different location (affects iOS/macOS only):

var db = window.sqlitePlugin.openDatabase({name: 'my.db', key: 'your-password-here', iosDatabaseLocation: 'Library'}, successcb, errorcb);

where the iosDatabaseLocation option may be set to one of the following choices:

WARNING: Again, the new "default" iosDatabaseLocation value is NOT the same as the old default location and would break an upgrade for an app using the old default value (0) on iOS.

Deprecated alternative to be removed in the near future:

with the location option set to one the following choices (affects iOS only):

No longer supported (see tip below to overwrite window.openDatabase): var db = window.sqlitePlugin.openDatabase("myDatabase.db", "1.0", "Demo", -1);

IMPORTANT: Please wait for the 'deviceready' event, as in the following example:

// Wait for Cordova to load
document.addEventListener('deviceready', onDeviceReady, false);

// Cordova is ready
function onDeviceReady() {
  var db = window.sqlitePlugin.openDatabase({name: 'my.db',
    key: 'user-password-here',
    location: 'default'
  });
  // ...
}

The successcb and errorcb callback parameters are optional but can be extremely helpful in case anything goes wrong. For example:

window.sqlitePlugin.openDatabase({name: 'my.db',
  key: 'user-password-here',
  location: 'default'
}, function(db) {
  db.transaction(function(tx) {
    // ...
  }, function(err) {
    console.log('Open database ERROR: ' + JSON.stringify(err));
  });
});

If any sql statements or transactions are attempted on a database object before the openDatabase result is known, they will be queued and will be aborted in case the database cannot be opened.

DATABASE NAME NOTES:

OTHER NOTES:

iCloud backup notes

As documented in the "A User’s iCloud Storage Is Limited" section of iCloudFundamentals in Mac Developer Library iCloud Design Guide (near the beginning):

  • DO store the following in iCloud:
    • [other items omitted]
    • Change log files for a SQLite database (a SQLite database’s store file must never be stored in iCloud)
  • DO NOT store the following in iCloud:
    • [items omitted]
- iCloudFundamentals in Mac Developer Library iCloud Design Guide

How to disable iCloud backup

Use the location or iosDatabaseLocation option in sqlitePlugin.openDatabase() to store the database in a subdirectory that is NOT backed up to iCloud, as described in the section below.

NOTE: Changing BackupWebStorage in config.xml has no effect on a database created by this plugin. BackupWebStorage applies only to local storage and/or Web SQL storage created in the WebView (not using this plugin). For reference: phonegap/build#338 (comment)

Android database provider

As described above this plugin uses SQLCipher for Android which is a non-standard SQLite implementation on Android.

IMPORANT WARNING: As described above: in case an application access the same database using multiple plugins (with or without encryption) there is a risk of data corruption ref: xpbrew/cordova-sqlite-storage#626, as described in http://ericsink.com/entries/multiple_sqlite_problem.html and https://www.sqlite.org/howtocorrupt.html.

There is no workaround in this plugin version.

SQL transactions

The following types of SQL transactions are supported by this plugin version:

NOTE: Transaction requests are kept in one queue per database and executed in sequential order, according to the HTML5/Web SQL (DRAFT) API.

WARNING: It is possible to request a SQL statement list such as "SELECT 1; SELECT 2" within a single SQL statement string, however the plugin will only execute the first statement and silently ignore the others. This could result in data loss if such a SQL statement list with any INSERT or UPDATE statement(s) are included. For reference: xpbrew/cordova-sqlite-storage#551

Single-statement transactions

Sample with INSERT:

db.executeSql('INSERT INTO MyTable VALUES (?)', ['test-value'], function (resultSet) {
  console.log('resultSet.insertId: ' + resultSet.insertId);
  console.log('resultSet.rowsAffected: ' + resultSet.rowsAffected);
}, function(error) {
  console.log('SELECT error: ' + error.message);
});

or using numbered parameters as documented in https://www.sqlite.org/c3ref/bind_blob.html:

db.executeSql('INSERT INTO MyTable VALUES (?1)', ['test-value'], function (resultSet) {
  console.log('resultSet.insertId: ' + resultSet.insertId);
  console.log('resultSet.rowsAffected: ' + resultSet.rowsAffected);
}, function(error) {
  console.log('SELECT error: ' + error.message);
});

Sample with SELECT:

db.executeSql("SELECT LENGTH('tenletters') AS stringlength", [], function (resultSet) {
  console.log('got stringlength: ' + resultSet.rows.item(0).stringlength);
}, function(error) {
  console.log('SELECT error: ' + error.message);
});

NOTE/minor bug: The object returned by resultSet.rows.item(rowNumber) is not immutable. In addition, multiple calls to resultSet.rows.item(rowNumber) with the same rowNumber on the same resultSet object return the same object. For example, the following code will show Second uppertext result: ANOTHER:

db.executeSql("SELECT UPPER('First') AS uppertext", [], function (resultSet) {
  var obj1 = resultSet.rows.item(0);
  obj1.uppertext = 'ANOTHER';
  console.log('Second uppertext result: ' + resultSet.rows.item(0).uppertext);
  console.log('SELECT error: ' + error.message);
});

SQL batch transactions

Sample:

db.sqlBatch([
  'DROP TABLE IF EXISTS MyTable',
  'CREATE TABLE MyTable (SampleColumn)',
  [ 'INSERT INTO MyTable VALUES (?)', ['test-value'] ],
], function() {
  db.executeSql('SELECT * FROM MyTable', [], function (resultSet) {
    console.log('Sample column value: ' + resultSet.rows.item(0).SampleColumn);
  });
}, function(error) {
  console.log('Populate table error: ' + error.message);
});

or using numbered parameters as documented in https://www.sqlite.org/c3ref/bind_blob.html:

db.sqlBatch([
  'CREATE TABLE MyTable IF NOT EXISTS (name STRING, balance INTEGER)',
  [ 'INSERT INTO MyTable VALUES (?1,?2)', ['Alice', 100] ],
  [ 'INSERT INTO MyTable VALUES (?1,?2)', ['Betty', 200] ],
], function() {
  console.log('MyTable is now populated.');
}, function(error) {
  console.log('Populate table error: ' + error.message);
});

In case of an error, all changes in a sql batch are automatically discarded using ROLLBACK.

Standard asynchronous transactions

DRAFT standard asynchronous transactions follow the HTML5/Web SQL (DRAFT) API which is very well documented and uses BEGIN and COMMIT or ROLLBACK to keep the transactions failure-safe. Here is a simple example:

db.transaction(function(tx) {
  tx.executeSql('DROP TABLE IF EXISTS MyTable');
  tx.executeSql('CREATE TABLE MyTable (SampleColumn)');
  tx.executeSql('INSERT INTO MyTable VALUES (?)', ['test-value'], function(tx, resultSet) {
    console.log('resultSet.insertId: ' + resultSet.insertId);
    console.log('resultSet.rowsAffected: ' + resultSet.rowsAffected);
  }, function(tx, error) {
    console.log('INSERT error: ' + error.message);
  });
}, function(error) {
  console.log('transaction error: ' + error.message);
}, function() {
  console.log('transaction ok');
});

or using numbered parameters as documented in https://www.sqlite.org/c3ref/bind_blob.html:

db.transaction(function(tx) {
  tx.executeSql('DROP TABLE IF EXISTS MyTable');
  tx.executeSql('CREATE TABLE MyTable (SampleColumn)');
  tx.executeSql('INSERT INTO MyTable VALUES (?1)', ['test-value'], function(tx, resultSet) {
    console.log('resultSet.insertId: ' + resultSet.insertId);
    console.log('resultSet.rowsAffected: ' + resultSet.rowsAffected);
  }, function(tx, error) {
    console.log('INSERT error: ' + error.message);
  });
}, function(error) {
  console.log('transaction error: ' + error.message);
}, function() {
  console.log('transaction ok');
});

In case of a read-only transaction, it is possible to use readTransaction which will not use BEGIN, COMMIT, or ROLLBACK:

db.readTransaction(function(tx) {
  tx.executeSql("SELECT UPPER('Some US-ASCII text') AS uppertext", [], function(tx, resultSet) {
    console.log("resultSet.rows.item(0).uppertext: " + resultSet.rows.item(0).uppertext);
  }, function(tx, error) {
    console.log('SELECT error: ' + error.message);
  });
}, function(error) {
  console.log('transaction error: ' + error.message);
}, function() {
  console.log('transaction ok');
});

WARNING: It is NOT allowed to execute sql statements on a transaction after it has finished. Here is an example from the Populating Cordova SQLite storage with the JQuery API post at http://www.brodybits.com/cordova/sqlite/api/jquery/2015/10/26/populating-cordova-sqlite-storage-with-the-jquery-api.html:

  // BROKEN SAMPLE:
  var db = window.sqlitePlugin.openDatabase({
    name: 'my-encrypted.db',
    key: 'user-password-here',
    location: 'default'
  });
  db.executeSql("DROP TABLE IF EXISTS tt");
  db.executeSql("CREATE TABLE tt (data)");

  db.transaction(function(tx) {
    $.ajax({
      url: 'https://api.github.com/users/litehelpers/repos',
      dataType: 'json',
      success: function(res) {
        console.log('Got AJAX response: ' + JSON.stringify(res));
        $.each(res, function(i, item) {
          console.log('REPO NAME: ' + item.name);
          tx.executeSql("INSERT INTO tt values (?)", JSON.stringify(item.name));
        });
      }
    });
  }, function(e) {
    console.log('Transaction error: ' + e.message);
  }, function() {
    // Check results:
    db.executeSql('SELECT COUNT(*) FROM tt', [], function(res) {
      console.log('Check SELECT result: ' + JSON.stringify(res.rows.item(0)));
    });
  });

You can find more details and a step-by-step description how to do this right in the Populating Cordova SQLite storage with the JQuery API post at: http://www.brodybits.com/cordova/sqlite/api/jquery/2015/10/26/populating-cordova-sqlite-storage-with-the-jquery-api.html

NOTE/minor bug: Just like the single-statement transaction described above, the object returned by resultSet.rows.item(rowNumber) is not immutable. In addition, multiple calls to resultSet.rows.item(rowNumber) with the same rowNumber on the same resultSet object return the same object. For example, the following code will show Second uppertext result: ANOTHER:

db.readTransaction(function(tx) {
  tx.executeSql("SELECT UPPER('First') AS uppertext", [], function(tx, resultSet) {
    var obj1 = resultSet.rows.item(0);
    obj1.uppertext = 'ANOTHER';
    console.log('Second uppertext result: ' + resultSet.rows.item(0).uppertext);
    console.log('SELECT error: ' + error.message);
  });
});

FUTURE TBD: It should be possible to get a row result object using resultSet.rows[rowNumber], also in case of a single-statement transaction. This is non-standard but is supported by the Chrome desktop browser.

Background processing

The threading model depends on which platform version is used:

Sample with PRAGMA feature

Creates a table, adds a single entry, then queries the count to check if the item was inserted as expected. Note that a new transaction is created in the middle of the first callback.

// Wait for Cordova to load
document.addEventListener('deviceready', onDeviceReady, false);

// Cordova is ready
function onDeviceReady() {
  var db = window.sqlitePlugin.openDatabase({
    name: 'my-encrypted.db',
    key: 'user-password-here',
    location: 'default'
  });

  db.transaction(function(tx) {
    tx.executeSql('DROP TABLE IF EXISTS test_table');
    tx.executeSql('CREATE TABLE IF NOT EXISTS test_table (id integer primary key, data text, data_num integer)');

    // demonstrate PRAGMA:
    db.executeSql("pragma table_info (test_table);", [], function(res) {
      console.log("PRAGMA res: " + JSON.stringify(res));
    });

    tx.executeSql("INSERT INTO test_table (data, data_num) VALUES (?,?)", ["test", 100], function(tx, res) {
      console.log("insertId: " + res.insertId + " -- probably 1");
      console.log("rowsAffected: " + res.rowsAffected + " -- should be 1");

      db.transaction(function(tx) {
        tx.executeSql("select count(id) as cnt from test_table;", [], function(tx, res) {
          console.log("res.rows.length: " + res.rows.length + " -- should be 1");
          console.log("res.rows.item(0).cnt: " + res.rows.item(0).cnt + " -- should be 1");
        });
      });

    }, function(e) {
      console.log("ERROR: " + e.message);
    });
  });
}

NOTE: PRAGMA statements must be executed in executeSql() on the database object (i.e. db.executeSql()) and NOT within a transaction.

Sample with transaction-level nesting

In this case, the same transaction in the first executeSql() callback is being reused to run executeSql() again.

// Wait for Cordova to load
document.addEventListener('deviceready', onDeviceReady, false);

// Cordova is ready
function onDeviceReady() {
  var db = window.sqlitePlugin.openDatabase({
    name: 'my-encrypted.db',
    key: 'user-password-here',
    location: 'default'
  });

  db.transaction(function(tx) {
    tx.executeSql('DROP TABLE IF EXISTS test_table');
    tx.executeSql('CREATE TABLE IF NOT EXISTS test_table (id integer primary key, data text, data_num integer)');

    tx.executeSql("INSERT INTO test_table (data, data_num) VALUES (?,?)", ["test", 100], function(tx, res) {
      console.log("insertId: " + res.insertId + " -- probably 1");
      console.log("rowsAffected: " + res.rowsAffected + " -- should be 1");

      tx.executeSql("select count(id) as cnt from test_table;", [], function(tx, res) {
        console.log("res.rows.length: " + res.rows.length + " -- should be 1");
        console.log("res.rows.item(0).cnt: " + res.rows.item(0).cnt + " -- should be 1");
      });

    }, function(tx, e) {
      console.log("ERROR: " + e.message);
    });
  });
}

This case will also works with Safari (WebKit) (with no encryption), assuming you replace window.sqlitePlugin.openDatabase with window.openDatabase.

Close a database object

This will invalidate all handle access handle objects for the database that is closed:

db.close(successcb, errorcb);

It is OK to close the database within a transaction callback but NOT within a statement callback. The following example is OK:

db.transaction(function(tx) {
  tx.executeSql("SELECT LENGTH('tenletters') AS stringlength", [], function(tx, res) {
    console.log('got stringlength: ' + res.rows.item(0).stringlength);
  });
}, function(error) {
  // OK to close here:
  console.log('transaction error: ' + error.message);
  db.close();
}, function() {
  // OK to close here:
  console.log('transaction ok');
  db.close(function() {
    console.log('database is closed ok');
  });
});

The following example is NOT OK:

// BROKEN:
db.transaction(function(tx) {
  tx.executeSql("SELECT LENGTH('tenletters') AS stringlength", [], function(tx, res) {
    console.log('got stringlength: ' + res.rows.item(0).stringlength);
    // BROKEN - this will trigger the error callback:
    db.close(function() {
      console.log('database is closed ok');
    }, function(error) {
      console.log('ERROR closing database');
    });
  });
});

BUG: It is currently NOT possible to close a database in a db.executeSql callback. For example:

// BROKEN DUE TO BUG:
db.executeSql("SELECT LENGTH('tenletters') AS stringlength", [], function (res) {
  var stringlength = res.rows.item(0).stringlength;
  console.log('got stringlength: ' + res.rows.item(0).stringlength);

  // BROKEN - this will trigger the error callback DUE TO BUG:
  db.close(function() {
    console.log('database is closed ok');
  }, function(error) {
    console.log('ERROR closing database');
  });
});

SECOND BUG: When a database connection is closed, any queued transactions are left hanging. TODO: All pending transactions should be errored whenever a database connection is closed.

NOTE: As described above, if multiple database access handle objects are opened for the same database and one database handle access object is closed, the database is no longer available for the other database handle objects. Possible workarounds:

FUTURE TBD: dispose method on the database access handle object, such that a database is closed once all access handle objects are disposed.

Delete a database

window.sqlitePlugin.deleteDatabase({name: 'my.db', location: 'default'}, successcb, errorcb);

with location or iosDatabaseLocation parameter required as described above for openDatabase (affects iOS/macOS only)

BUG: When a database is deleted, any queued transactions for that database are left hanging. TODO: All pending transactions should be errored when a database is deleted.

Database schema versions

The transactional nature of the API makes it relatively straightforward to manage a database schema that may be upgraded over time (adding new columns or new tables, for example). Here is the recommended procedure to follow upon app startup:

IMPORTANT: Since we cannot be certain when the users will actually update their apps, old schema versions will have to be supported for a very long time.

Use with Ionic/ngCordova/Angular

Ionic Native with browser support

Ionic 3

Ionic 2

Tutorials with Ionic 2:

Sample on Ionic 2:

Ionic 1

Tutorial with Ionic 1: https://blog.nraboy.com/2014/11/use-sqlite-instead-local-storage-ionic-framework/

A sample for Ionic 1 is provided at: litehelpers / Ionic-sqlite-database-example

Documentation at: http://ngcordova.com/docs/plugins/sqlite/

Other resource (apparently for Ionic 1): https://www.packtpub.com/books/content/how-use-sqlite-ionic-store-data

NOTE: Some Ionic and other Angular pitfalls are described above.

Installing

Easy installation with Cordova CLI tool

npm install -g cordova # (in case you don't have cordova)
cordova create MyProjectFolder com.my.project MyProject && cd MyProjectFolder # if you are just starting
cordova plugin add cordova-sqlcipher-adapter # --save RECOMMENDED for Cordova CLI pre-7.0
cordova platform add <desired platform> # repeat for all desired platform(s)
cordova prepare # OPTIONAL (MAY BE NEEDED cordova-ios pre-4.3.0 (Cordova CLI pre-6.4.0))

Additional Cordova CLI NOTES:

cordova platform rm ios
cordova platform add ios

or more drastically:

rm -rf platforms
cordova platform add ios

Plugin installation sources

Installation test

Easy installation test

Use window.sqlitePlugin.echoTest and/or window.sqlitePlugin.selfTest as described above (please wait for the deviceready event).

Quick installation test

Assuming your app has a recent template as used by the Cordova create script, add the following code to the onDeviceReady function, after app.receivedEvent('deviceready');:

  window.sqlitePlugin.openDatabase({ name: 'hello-world.db', location: 'default' }, function (db) {
    db.executeSql("select length('tenletters') as stringlength", [], function (res) {
      var stringlength = res.rows.item(0).stringlength;
      console.log('got stringlength: ' + stringlength);
      document.getElementById('deviceready').querySelector('.received').innerHTML = 'stringlength: ' + stringlength;
   });
  });

Support

Free support policy

Free support is provided on a best-effort basis and is only available in public forums. Please follow the steps below to be sure you have done your best before requesting help.

Professional support

Professional support is available by contacting: sales@xpbrew.consulting

For more information: https://xpbrew.consulting

Before seeking help

First steps:

and check the following:

If you still cannot get something to work:

Issues with AJAX

General: As documented above with a negative example the application must wait for the AJAX query to finish before starting a transaction and adding the data elements.

In case of issues it is recommended to rework the reproduction program insert the data from a JavaScript object after a delay. There is already a test function for this in brodybits / cordova-sqlite-test-app.

FUTURE TBD examples

Test program to seek help

If you continue to see the issue: please make the simplest test program possible based on brodybits / cordova-sqlite-test-app to demonstrate the issue with the following characteristics:

What will be supported for free

It is recommended to make a small, self-contained test program based on brodybits / cordova-sqlite-test-app that can demonstrate your problem and post it. Please do not use any other plugins or frameworks than are absolutely necessary to demonstrate your problem.

In case of a problem with a pre-populated database, please post your entire project.

What is NOT supported for free

What information is needed for help

Please include the following:

Please do NOT use any of these formats

Where to request help

Please include the information described above otherwise.

Unit tests

Unit testing is done in spec.

running tests from shell

TBD test.sh testing limited with sqlcipher version of this plugin, does not auto-remove correct plugin id

To run the tests from *nix shell, simply do either:

./bin/test.sh ios

or for Android:

./bin/test.sh android

To run from a windows powershell (here is a sample for android target):

.\bin\test.ps1 android

Adapters

GENERAL: The adapters described here are community maintained.

Lawnchair Adapter

POSSIBLY BROKEN: The Lawnchair adapter does may not support all openDatabase options such as key, location or iosDatabaseLocation options and is therefore not expected guaranteed to work with this plugin.

PouchDB

Adapters wanted

Sample

Contributed by @Mikejo5000 (Mike Jones) from Microsoft.

Interact with the SQLite database

The SQLite storage plugin sample allows you to execute SQL statements to interact with the database. The code snippets in this section demonstrate simple plugin tasks including:

Open the database and create a table

Call the openDatabase() function to get started, passing in the name and location for the database.

var db = window.sqlitePlugin.openDatabase({ name: 'my.db', key: 'user-password-here', location: 'default' }, function (db) {

    // Here, you might create or open the table.

}, function (error) {
    console.log('Open database ERROR: ' + JSON.stringify(error));
});

Create a table with three columns for first name, last name, and a customer account number. If the table already exists, this SQL statement opens the table.

db.transaction(function (tx) {
    // ...
    tx.executeSql('CREATE TABLE customerAccounts (firstname, lastname, acctNo)');
}, function (error) {
    console.log('transaction error: ' + error.message);
}, function () {
    console.log('transaction ok');
});

By wrapping the previous executeSql() function call in db.transaction(), we will make these tasks asynchronous. If you want to, you can use multiple executeSql() statements within a single transaction (not shown).

Add a row to the database

Add a row to the database using the INSERT INTO SQL statement.

function addItem(first, last, acctNum) {

    db.transaction(function (tx) {

        var query = "INSERT INTO customerAccounts (firstname, lastname, acctNo) VALUES (?,?,?)";

        tx.executeSql(query, [first, last, acctNum], function(tx, res) {
            console.log("insertId: " + res.insertId + " -- probably 1");
            console.log("rowsAffected: " + res.rowsAffected + " -- should be 1");
        },
        function(tx, error) {
            console.log('INSERT error: ' + error.message);
        });
    }, function(error) {
        console.log('transaction error: ' + error.message);
    }, function() {
        console.log('transaction ok');
    });
}

To add some actual rows in your app, call the addItem function several times.

addItem("Fred", "Smith", 100);
addItem("Bob", "Yerunkle", 101);
addItem("Joe", "Auzomme", 102);
addItem("Pete", "Smith", 103);

Read data from the database

Add code to read from the database using a SELECT statement. Include a WHERE condition to match the resultSet to the passed in last name.

function getData(last) {

    db.transaction(function (tx) {

        var query = "SELECT firstname, lastname, acctNo FROM customerAccounts WHERE lastname = ?";

        tx.executeSql(query, [last], function (tx, resultSet) {

            for(var x = 0; x < resultSet.rows.length; x++) {
                console.log("First name: " + resultSet.rows.item(x).firstname +
                    ", Acct: " + resultSet.rows.item(x).acctNo);
            }
        },
        function (tx, error) {
            console.log('SELECT error: ' + error.message);
        });
    }, function (error) {
        console.log('transaction error: ' + error.message);
    }, function () {
        console.log('transaction ok');
    });
}

Remove a row from the database

Add a function to remove a row from the database that matches the passed in customer account number.

function removeItem(acctNum) {

    db.transaction(function (tx) {

        var query = "DELETE FROM customerAccounts WHERE acctNo = ?";

        tx.executeSql(query, [acctNum], function (tx, res) {
            console.log("removeId: " + res.insertId);
            console.log("rowsAffected: " + res.rowsAffected);
        },
        function (tx, error) {
            console.log('DELETE error: ' + error.message);
        });
    }, function (error) {
        console.log('transaction error: ' + error.message);
    }, function () {
        console.log('transaction ok');
    });
}

Update rows in the database

Add a function to update rows in the database for records that match the passed in customer account number. In this form, the statement will update multiple rows if the account numbers are not unique.

function updateItem(first, id) {
    // UPDATE Cars SET Name='Skoda Octavia' WHERE Id=3;
    db.transaction(function (tx) {

        var query = "UPDATE customerAccounts SET firstname = ? WHERE acctNo = ?";

        tx.executeSql(query, [first, id], function(tx, res) {
            console.log("insertId: " + res.insertId);
            console.log("rowsAffected: " + res.rowsAffected);
        },
        function(tx, error) {
            console.log('UPDATE error: ' + error.message);
        });
    }, function(error) {
        console.log('transaction error: ' + error.message);
    }, function() {
        console.log('transaction ok');
    });
}

To call the preceding function, add code like this in your app.

updateItem("Yme", 102);

Close the database

When you are finished with your transactions, close the database. Call closeDB within the transaction success or failure callbacks (rather than the callbacks for executeSql()).

function closeDB() {
    db.close(function () {
        console.log("DB closed!");
    }, function (error) {
        console.log("Error closing DB:" + error.message);
    });
}

Source tree

Contributing

Community

Code

WARNING: Please do NOT propose changes from your default branch. Contributions may be rebased using git rebase or git cherry-pick and not merged.

Contact

sales@xpbrew.consulting