PHP.nl

pg_select

pg_select

Select records

 **pg_select** PgSql\Connection $connection string $table_name array $conditions int $flags int $mode

selects records specified by
which has

. For a successful query, it returns an array containing all records and fields that match the condition specified by . pg_select``conditions``field=>value``conditions

If is set, is applied to with the specified flags. flags``pg_convert``conditions

If is set, the return value will be in the form of an array with , an associative array with (default) or both with . mode``PGSQL_NUM``PGSQL_ASSOC``PGSQL_BOTH

By default passes raw values. Values must be escaped or PGSQL_DML_ESCAPE option must be specified. PGSQL_DML_ESCAPE quotes and escapes parameters/identifiers. Therefore, table/column names became case sensitive. pg_select

Note that neither escape nor prepared query can protect LIKE query, JSON, Array, Regex, etc. These parameters should be handled according to their contexts. i.e. Escape/validate values.

connection``table_nameName of the table from which to select rows.

conditions An whose keys are field names in the table , and whose values are the conditions that a row must meet to be retrieved. As of PHP 8.4.0, when an empty array is provided, no conditions will apply. Previously, the function failed with an empty argument. array``table_name``conditions

flags Any number of , , , , or combined. If is part of the then the query string is returned. When or is set, it does not call internally. PGSQL_CONV_FORCE_NULL``PGSQL_DML_NO_CONV``PGSQL_DML_ESCAPE``PGSQL_DML_EXEC``PGSQL_DML_ASYNC``PGSQL_DML_STRING``PGSQL_DML_STRING``flags``PGSQL_DML_NO_CONV``PGSQL_DML_ESCAPE``pg_convert

mode Any number of , or

    If  is set the return value will be an associative ,
    with  the return value will be an , and
    with  the return value will be both an associative and
    numerically indexed .
  `PGSQL_ASSOC``PGSQL_NUM``PGSQL_BOTH``PGSQL_ASSOC``array``PGSQL_NUM``array``PGSQL_BOTH``array`

Returns if is passed via , otherwise it returns an on success, return.falseforfailure. string``PGSQL_DML_STRING``flags``array

Voorbeeld: example

<?php 
  $db = pg_connect('dbname=foo');
  // This is safe somewhat, since all values are escaped.
  // However PostgreSQL supports JSON/Array. These are not
  // safe by neither escape nor prepared query.
  $rec = pg_select($db, 'post_log', $_POST, PG_DML_ESCAPE);
  if ($rec) {
      echo "Records selected\n";
      var_dump($rec);
  } else {
      echo "User must have sent wrong inputs\n";
  }
?>

pg_convert

Vorige ← pg_result_status Volgende pg_send_execute →

Documentatie