Skip site navigation (1) Skip section navigation (2)

Re: checking select query syntax and semantics via php without executing

From: Bill Moran <wmoran(at)potentialtech(dot)com>
To: Marco Dieckhoff <dieck(at)gmx(dot)de>
Cc: pgsql-php(at)postgresql(dot)org
Subject: Re: checking select query syntax and semantics via php without executing
Date: 2009-10-05 22:01:39
Message-ID: 20091005180139.25cc9511.wmoran@potentialtech.com (view raw or flat)
Thread:
Lists: pgsql-php
In response to Marco Dieckhoff <dieck(at)gmx(dot)de>:
> 
> Hi there!
> 
> Is it possible in PHP to give a sql (select) query to Postgres via pg_* 
> so that it is NOT executed but merely checked for syntax including 
> correct, existing field and table names, and data types?
> 
> 
> I'm working on a system where users may assemble their own query in a 
> construction kit, and want that to be checked, so that they don't e.g. 
> compare UUID "<" datetime or something like this.
> 
> 
> If I try to execute the generated query, bad queries are instantly found 
> by pg_query.
> 
> 
> But good ones are fully executed, which can take a long time depending 
> on joins and aggregations.
> 
> It seems that pg_prepare doesn't return errors on bad queries, 
> pg_last_error() is empty.
> 
> The asynchronous pg_send_query (and pg_cancel_query) seem not to return 
> any errors, either.
> 
> I tried with three queries:
> 
> "SELECT * FROM tableok"
> "SELECT nonexistingfield FROM nonexistingtable"
> "SELECT complete bad / sql query FROM nonsense"
> 
> 
> Any ideas?

Off the top of my head, you could prefix the query with EXPLAIN, which
will cause it to be planned (thus checking syntax) and return an
execution plan, but not actually run the query.

-- 
Bill Moran
http://www.potentialtech.com
http://people.collaborativefusion.com/~wmoran/

In response to

Responses

pgsql-php by date

Next:From: Marco DieckhoffDate: 2009-10-05 22:03:36
Subject: Re: checking select query syntax and semantics via php without executing
Previous:From: Raymond O'DonnellDate: 2009-10-05 21:50:51
Subject: Re: checking select query syntax and semantics via php without executing

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group