A quick note for novice users: when gathering input from fields on a web form that maintains a database connection, *never* use pg_query to do queries from the field. Always sanitize input using pg_prepare and pg_execute.
(PHP 4 >= 4.2.0, PHP 5, PHP 7, PHP 8)
pg_query — Ejecutar una consulta
pg_query() ejecuta la consulta dada por query
en la conexión a la base de datos especificada por connection
.
En la mayoría de los casos, es preferible utilizar
pg_query_params().
Si ocurre un error y se devuelve false
, se pueden recuperara los detalles
de este error con la función pg_last_error()
si la conexión es válida.
Nota: Aunque se puede omitir
connection
, no se recomienda debido a que puede ser difícil encontrar errores en scripts.
Nota:
Esta función se solía llamar pg_exec(). pg_exec() aún está disponible por compatibilidad, aunque se recomienda utilizar en nuevo nombre.
connection
Recurso de conexión a una base de datos de PostgreSQL. Cuando
connection
no está presente, se utilizará la
conexión predeterminada. Esta es la última conexión realizada por
pg_connect() o pg_pconnect().
query
La sentencia o sentencias SQL a ejecutar. Cuando se pasan varias sentencias a la función, automáticamente se ejecutan como una sola transacción, a menos que haya comandos BEGIN/COMMIT explícitos incluidos en la cadena de consulta. Sin embargo, no se recomiendo el uso de varias transacciones en una llamada a la función.
La interpolación de datos proporcionados por el usuario es extremadamente peligrosa y probablemente lleve a vulnerabilidades de inyecciones SQL. En la mayoría de los casos es preferible el uso de pg_query_params(), pasando los valores proporcionados por el usuario como parámetros en lugar de sustituirlos en la cadena de consulta.
Cualquier dato proporcionado por el usuario sustituido directamente en una cadena de consulta debe ser escapado adecuadamente.
Un recurso de resultados de consulta en caso de éxtio o false
en caso de error.
Ejemplo #1 Ejemplo de pg_query()
<?php
$conn = pg_pconnect("dbname=publisher");
if (!$conn) {
echo "Ocurrió un error.\n";
exit;
}
$result = pg_query($conn, "SELECT author, email FROM authors");
if (!$result) {
echo "Ocurrió un error.\n";
exit;
}
while ($row = pg_fetch_row($result)) {
echo "Author: $row[0] E-mail: $row[1]";
echo "<br />\n";
}
?>
Ejemplo #2 Uso de pg_query() con varias sentencias
<?php
$conn = pg_pconnect("dbname=publisher");
// estas sentencias se ejecutarán como una sola transacción
$query = "UPDATE authors SET author=UPPER(author) WHERE id=1;";
$query .= "UPDATE authors SET author=LOWER(author) WHERE id=2;";
$query .= "UPDATE authors SET author=NULL WHERE id=3;";
pg_query($conn, $query);
?>
A quick note for novice users: when gathering input from fields on a web form that maintains a database connection, *never* use pg_query to do queries from the field. Always sanitize input using pg_prepare and pg_execute.
It would be better this way:
<?php
$result=pg_query($conn, "SELECT COUNT(*) AS rows FROM x WHERE a=b;");
if (!$result) {
echo "query did not execute";
}
if ($line = pg_fetch_assoc($result)) {
if ($line['rows'] == 0) {
echo "0 records"
}
}
else {
while ($row = pg_fetch_array($result)) {
//do stuff with $row
}
}
?>
This solution doesn't raise the load of the system with the move of matching rows (perhaps 0,1, perhaps 100, 1000, ... rows)
expanding on the note left by "cmoore" -
To check to see if the recordset returned no records,
<?php
$result=pg_query($conn, "SELECT * FROM x WHERE a=b;");
if (!$result) {
echo "query did not execute";
}
$rs = pg_fetch_assoc($result);
if (!$rs) {
echo "0 records"
}
?>
-jack
$GLOBALS["PG_CONNECT"]=pg_connect(...);
....
function query ($sqlQuery,$var=0) {
if (!$GLOBALS["PG_CONNECT"]) return 0;
$lev=error_reporting (8); //NO WARRING!!
$result=pg_query ($sqlQuery);
error_reporting ($lev); //DEFAULT!!
if (strlen ($r=pg_last_error ($GLOBALS["PG_CONNECT"]))) {
if ($var) {
echo "<p color=\"red\">ERROR:<pre>";
echo $sqlQuery;
echo "</pre>";
echo $r;
echo "</p>";
}
close_db ();
return 0;
}
return $result;
}
One thing to note that wasn't obvious to me at first. If your query returns zero rows, that is not a "failed" query. So the following is wrong:
$result=pg_query($conn, "SELECT * FROM x WHERE a=b;");
if (!$result) {
echo "No a=b in x\n";
}
pg_query returns FALSE if the query can not be executed for some reason. If the query is executed but returns zero rows then you get back a resul with no rows.
There was a typo in the code that I posted:
<?php
$result=pg_query($conn, "SELECT * FROM x WHERE a=b;");
if (!$result) {
echo "query did not execute";
}
if (pg_num_rows($result) == 0) {
echo "0 records"
}
else {
while ($row = pg_fetch_array($result)) {
//do stuff with $row
}
}
?>
Use pg_query to call your stored procedures, and use pg_fetch_result when getting a value (like a smallint as in this example) returned by your stored procedure.
<?php
$pgConnection = pg_connect("dbname=users user=me");
$userNameToCheckFor = "metal";
$result = pg_query($pgConnection, "SELECT howManyUsersHaveThisName('$userNameToCheckFor')");
$count = pg_fetch_result($result, 0, 'howManyUsersHaveThisName');
?>
Improving upon what jsuzuki said:
It's probably better to use pg_num_rows() to see if no rows were returned, as that leaves the resultset cursor pointed to the first row so you can use it in a loop.
Example:
<?php
$result=pg_query($conn, "SELECT * FROM x WHERE a=b;");
if (!$result) {
echo "query did not execute";
}
if (pg_num_rows($result) == 0) {
echo "0 records"
}
else {
while ($row = pg_fetch_array($result) {
//do stuff with $row
}
}
?>
I, personally, also find it more readable.
Here is my small function to make it easier for me to use data from select queries (attention, it is sensitive to sql injection)
<?php
function requestToDB($connection,$request){
if(!$result=pg_query($connection,$request)){
return False;
}
$combined=array();
while ($row = pg_fetch_assoc($result)) {
$combined[]=$row;
}
return $combined;
}
?>
Example:
<?php
$conn = pg_pconnect("dbname=mydatabase");
$results=requestToDB($connect,"select * from mytable");
//You can now access a "cell" of your table like this:
$rownumber=0;
$columname="mycolumn";
$mycell=$results[$rownumber][$columname];
var_dump($mycell);