Skip to content

Database Usage with Web Apps

Using databases with web apps is not much different than using them with desktop apps, but there are a few things to keep in mind. The most important thing to note is that a web app allows multiple users. This means you’ll want your database connection to be unique for each user that connects to the web app, rather than global to the app itself (as is common in desktop apps). The simplest way to ensure this is to create the connection to your database in the WebSession.Open event handler, saving a reference to the connection as a property that you add to WebSession.

A property such as “DB As SQLiteDatabase” on the Session object works well. Then in its Open event handler, you actually connect to the database:

Dim dbFile As FolderItem = GetFolderItem("MyDatabase.sqlite")
DB = New SQLiteDatabase
DB.DatabaseFile = dbFile
If Not db.Connect Then
 ' Display an error page and log the error
 ' You should not show specifics of the error to users
 ErrorPage.Show
End If

In the rest of your project, you can refer to the database like this:

Session.DB

The second thing to remember is that because a web app can be accessed by many more users it is more susceptible to SQL Injection. To limit your exposure here, you should always use SQL Prepared Statements with any SQL statements that contain parameters with values from user-entered input.

To learn more about databases and web apps, view the Database Usage with Web Apps topic in the Dev Center and watch our Webinar: Connecting to Databases.

6 Comments

  1. Please advise if Xojo plans to support Flatpak or Snaps on linux. The community would surely like to know. Technically there would be no reason why you could not support both.

    • Alyssa Foley Alyssa Foley

      While we may support this in the future, I don’t think we have any
      immediate plans to at the moment. If you are interested in Xojo supporting this, please enter it into Feedback as a feature request.

  2. Tim Ross Tim Ross

    The link at the bottom of the article doesn’t work – 404.

    • Alyssa Foley Alyssa Foley

      Thanks, Tim. I’ve updated the link.

  3. The SQL Injection link is not working…getting a 404 error. 🙁

    • Paul Lefebvre Paul Lefebvre

      Thanks, Robert. I’ve fixed the link.