Skip site navigation (1) Skip section navigation (2)

checking select query syntax and semantics via php without executing

From: Marco Dieckhoff <dieck(at)gmx(dot)de>
To: pgsql-php(at)postgresql(dot)org
Subject: checking select query syntax and semantics via php without executing
Date: 2009-10-05 21:34:32
Message-ID: 4ACA6668.2000701@gmx.de (view raw or flat)
Thread:
Lists: pgsql-php
Hi there!

Is it possible in PHP to give a sql (select) query to Postgres via pg_* 
so that it is NOT executed but merely checked for syntax including 
correct, existing field and table names, and data types?


I'm working on a system where users may assemble their own query in a 
construction kit, and want that to be checked, so that they don't e.g. 
compare UUID "<" datetime or something like this.


If I try to execute the generated query, bad queries are instantly found 
by pg_query.


But good ones are fully executed, which can take a long time depending 
on joins and aggregations.

It seems that pg_prepare doesn't return errors on bad queries, 
pg_last_error() is empty.

The asynchronous pg_send_query (and pg_cancel_query) seem not to return 
any errors, either.

I tried with three queries:

"SELECT * FROM tableok"
"SELECT nonexistingfield FROM nonexistingtable"
"SELECT complete bad / sql query FROM nonsense"


Any ideas?

Responses

pgsql-php by date

Next:From: Raymond O'DonnellDate: 2009-10-05 21:50:51
Subject: Re: checking select query syntax and semantics via php without executing
Previous:From: Gustavo Amarilla SantacruzDate: 2009-09-22 15:54:27
Subject: Re: Error code

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group