pg_insert
pg_insert
Insert array into table
**pg_insert** PgSql\Connection $connection string $table_name array $values int $flags
inserts the values
of into the table specified
by .
pg_insert``values``table_name
If is specified,
is applied to
with the specified flags.
flags``pg_convert``values
By default passes raw values.
Values must be escaped or the flag
must be specified in .
quotes and escapes parameters/identifiers.
Therefore, table/column names become case sensitive.
pg_insert``PGSQL_DML_ESCAPE``flags``PGSQL_DML_ESCAPE
Note that neither escape nor prepared query can protect LIKE query, JSON, Array, Regex, etc. These parameters should be handled according to their contexts. i.e. Escape/validate values.
connection``table_name
Name of the table into which to insert rows. The table must at least
have as many columns as has elements.
table_name``values
values
An whose keys are field names in the table ,
and whose values are the values of those fields that are to be inserted.
array``table_name
flags
Any number of ,
,
,
,
or
combined. If is part of the
then query string is returned. When
or is set, it does not call internally.
PGSQL_CONV_OPTS``PGSQL_DML_NO_CONV``PGSQL_DML_ESCAPE``PGSQL_DML_EXEC``PGSQL_DML_ASYNC``PGSQL_DML_STRING``PGSQL_DML_STRING``flags``PGSQL_DML_NO_CONV``PGSQL_DML_ESCAPE``pg_convert
return.success. Or returns a string on success if is passed
via .
PGSQL_DML_STRING``flags
A is thrown when the specified table is invalid.
ValueError
A or is thrown
when the value or type of field does not match properly with a PostgreSQL's type.
ValueError``TypeError
Voorbeeld: example
<?php
$dbconn = pg_connect('dbname=foo');
// This is safe somewhat, since all values are escaped.
// However PostgreSQL supports JSON/Array. These are not
// safe by neither escape nor prepared query.
$res = pg_insert($dbconn, 'post_log', $_POST, PGSQL_DML_ESCAPE);
if ($res) {
echo "POST data is successfully logged\n";
} else {
echo "User must have sent wrong inputs\n";
}
?>
pg_convert