Re: Newbie Question-Quoting SQL

From: Andrew McMillan <andrew(at)morphoss(dot)com>
To: Thomas Hart <tehart(at)me(dot)com>
Cc: pgsql-php(at)postgresql(dot)org
Subject: Re: Newbie Question-Quoting SQL
Date: 2009-04-27 20:19:47
Message-ID: 1240863587.12115.105.camel@happy.mcmillan.net.nz
Lists: pgsql-php
On Mon, 2009-04-27 at 15:56 -0400, Thomas Hart wrote:
> I have some old forms that I used for MySQL a few years ago, and I'm  
> trying to use them with postgres, but I keep on getting a message that  
> the query failed.
> 
> The connection string seems to be okay:
> 
> $link = pg_connect("host=localhost port=5432 dbname=toms_stuff  
> user=postgres password=********");
> 
> The query string, however, seems to be messed up.
> 
>   $result = pg_query ($link, "Select * from Author");
>   if (!$result) {
>   	echo "Query failed.\n";
>   	exit;
>   }
> 
> I assume the fault is in how the Select statement is quoted, but I  
> can't see what I'm doing wrong.
> 
> Any suggestions will be appreciated. Also can anyone give me a general  
> idea of the rules for quoting postgreSQL in PHP?

They don't apply so much to PHP, as to PostgreSQL which follows the SQL
standard for quoting.  Identifiers should be quoted with " and character
strings should be quoted with '.

And then within PHP if you want to have " in a string it should be
escaped like:

"SELECT * FROM \"Author\""
or
'SELECT * FROM "Author"'

or, in the case of using a keyword as a column name:

'select "DATE" from mytable'

You can also escape characters in the PostgreSQL string, using \, but of
course the \ itself may need to be escaped in PHP...

In this string the ' is backslashed to PostgreSQL:

"INSERT INTO \"Author\" (name) VALUES( E'O\\'Connor' )"

Note that the PostgreSQL string needs to be preceded by an "E" if it has
escapes in it (in recent versions of PostgreSQL, at least).


All of this should be in the PostgreSQL manual:

http://www.postgresql.org/docs/8.4/static/sql-syntax-lexical.html#SQL-SYNTAX-IDENTIFIERS


Cheers,
					Andrew McMillan.

------------------------------------------------------------------------
andrew (AT) morphoss (DOT) com                            +64(272)DEBIAN
     Building more free and open source software for New Zealanders
------------------------------------------------------------------------
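
Added example, not part of the message above or of any project's code: the identifier-quoting rule from the reply written as a small PHP helper, with the value passed through pg_query_params() so that no string-literal escaping or E'' prefix is needed. The helper names quote_ident and build_insert and the PG_DSN environment variable are assumptions made for this illustration; the table and value are the ones used in the thread.

```php
<?php
// Added example: helper names and PG_DSN are hypothetical, not from the thread.

// Quote an identifier as the SQL standard requires: wrap it in " and
// double any " inside it. Quoting also preserves case, so "Author" and
// the unquoted Author (folded to author) name different tables.
function quote_ident(string $name): string
{
    if ($name === '' || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('invalid identifier');
    }
    return '"' . str_replace('"', '""', $name) . '"';
}

// Build an INSERT whose values travel as parameters ($1, $2, ...), kept
// out of the SQL text, so a value like O'Connor needs no escaping.
function build_insert(string $table, array $row): array
{
    $cols = array_map('quote_ident', array_keys($row));
    $marks = [];
    for ($i = 1; $i <= count($row); $i++) {
        $marks[] = '$' . $i;
    }
    $sql = sprintf(
        'INSERT INTO %s (%s) VALUES (%s)',
        quote_ident($table),
        implode(', ', $cols),
        implode(', ', $marks)
    );
    return [$sql, array_values($row)];
}

[$sql, $params] = build_insert('Author', ['name' => "O'Connor"]);
echo $sql, "\n";

// Executes only when a connection string is supplied in PG_DSN;
// without it the example stays offline and just prints the SQL.
$dsn = getenv('PG_DSN');
if ($dsn !== false && ($link = pg_connect($dsn))) {
    $result = pg_query_params($link, $sql, $params);
    if (!$result) {
        // Show the server's message instead of a bare "Query failed."
        fwrite(STDERR, pg_last_error($link) . "\n");
        exit(1);
    }
}
```

With a live connection, PHP's built-in pg_escape_identifier() applies the same identifier rule and can replace the hand-written helper.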


