pg_insert
(PHP 4 >= 4.3.0, PHP 5, PHP 7, PHP 8)
pg_insert —
Insert array into table
Опис
If flags
is specified,
pg_convert() is applied to
values
with the specified flags.
By default pg_insert() passes raw values.
Values must be escaped or the PGSQL_DML_ESCAPE
flag
must be specified in flags
.
PGSQL_DML_ESCAPE
quotes and escapes parameters/identifiers.
Therefore, table/column names become case sensitive.
Note that neither escape nor prepared query can protect LIKE query,
JSON, Array, Regex, etc. These parameters should be handled
according to their contexts. i.e. Escape/validate values.
Помилки/виключення
A ValueError is thrown when the specified table is invalid.
A ValueError or TypeError is thrown
when the value or type of field does not match properly with a PostgreSQL's type.
Приклади
Приклад #1 pg_insert() example
<?php
$dbconn = pg_connect('dbname=foo');
// This is safe somewhat, since all values are escaped.
// However PostgreSQL supports JSON/Array. These are not
// safe by neither escape nor prepared query.
$res = pg_insert($dbconn, 'post_log', $_POST, PGSQL_DML_ESCAPE);
if ($res) {
echo "POST data is successfully logged\n";
} else {
echo "User must have sent wrong inputs\n";
}
?>
Прогляньте також
- pg_convert() - Convert associative array values into forms suitable for SQL statements