pg_update

pg_update

Update table

 **pg_update** PgSql\Connection $connection string $table_name array $values array $conditions int $flags

updates records that matches
with .

pg_update``conditions``values

If is specified, is applied to with the specified flags. flags``pg_convert``values

By default passes raw values. Values must be escaped or the flag must be specified in . quotes and escapes parameters/identifiers. Therefore, table/column names become case sensitive. pg_update``PGSQL_DML_ESCAPE``flags``PGSQL_DML_ESCAPE

Note that neither escape nor prepared query can protect LIKE query, JSON, Array, Regex, etc. These parameters should be handled according to their contexts. i.e. Escape/validate values.

connection``table_nameName of the table into which to update rows.

values An whose keys are field names in the table , and whose values are what matched rows are to be updated to. array``table_name

conditions An whose keys are field names in the table , and whose values are the conditions that a row must meet to be updated. array``table_name

flags Any number of , , , , or combined. If is part of the then query string is returned. When or is set, it does not call internally. PGSQL_CONV_FORCE_NULL``PGSQL_DML_NO_CONV``PGSQL_DML_ESCAPE``PGSQL_DML_EXEC``PGSQL_DML_ASYNC``PGSQL_DML_STRING``PGSQL_DML_STRING``flags``PGSQL_DML_NO_CONV``PGSQL_DML_ESCAPE``pg_convert

return.success Returns if is passed via . string``PGSQL_DML_STRING``flags

Voorbeeld: example

<?php 
  $db = pg_connect('dbname=foo');
  $data = array('field1'=>'AA', 'field2'=>'BB');
  // This is safe somewhat, since all values are escaped.
  // However PostgreSQL supports JSON/Array. These are not
  // safe by neither escape nor prepared query.
  $res = pg_update($db, 'post_log', $_POST, $data);
  if ($res) {
      echo "Data is updated: $res\n";
  } else {
      echo "User must have sent wrong inputs\n";
  }
?>

pg_convert