I have a device that sends me data in a csv format. How can i move/import the csv data into sqlite. I have set up the database and tables and can read the csv data but cant get it into sql. I dont want to do it manually it must be an automated process every time a file arrives in the directory.
Assuming that you are trying to write the individual values in the csv to fields in the database then have a look at the csv node. You should be able to use that to convert the csv to a javascript object, then you just need to build the SQL query to insert it into the database using the sqlite node.
[Edit] Or maybe just use the string directly in a query built, for example, using a Template node (not ui_template). What does the csv look like and what SQL query are you trying to build?
Though it is generally safer to use parameters in the query in order to avoid SQL injection.
A Watch node will trigger a message whenever a new file is created in the watched directory.
Sorry, totally off topic but why is that?
I think an SQL injection might be something like " 'Smith'; SELECT secret from secrets"
Can you give examples using / not using parameters and how an attempted injection would be affected?
Thanks
A more critical embedded command might be a DROP TABLE command. When you use parameters the code that expands the parameters checks for SQL injection and stops it. In fact in sqlite I think they are called Prepared Queries. It tells you how to do that in the node's help text.
An example of injection in node-red might be a query generated in a Template node like this. SELECT * from sometable WHERE name = '{{msg.payload}}';
If msg.payload came from user input in some way then a malicious user might provide a name like fred'; DROP TABLE sometable;
So the query now reads SELECT * from sometable WHERE name = 'fred'; DROP TABLE sometable; ';
Using a prepared query prevents the DROP TABLE statement from getting through.
The one thing you have not shown us is what is in the message going into your function node. Specifically what is in msg.payload.Time. It should be an integer, if it is a Date object then you should use msg.payload.Time.getTime().
You are using standard SQL queries and the date is not surrounded by quotes - that's why it fails. As explained earlier in the thread, you should really use prepared statements to avoid worrying about things like quotations and sequel injection attacks.
Sorry, I've just looked at your table design. You want time stamp not a string time. You will have to convert the time column in your data to an epoch before generating the sql
I suggest you get what you have going first, then change the sql to use prepared statements. It shows how to do that in the help text for the sqlite node.
You have not selected First Row contains column names in the csv node, and the Time value is a string. If you want to have it as an integer then you will have to convert it. Alternatively change the column type to string.