Skip site navigation (1) Skip section navigation (2)

Re: More PHP DB abstraction layer stuff

From: Doug McNaught <doug(at)mcnaught(dot)org>
To: Greg Stark <gsstark(at)mit(dot)edu>
Cc: gearond(at)cvc(dot)net,"Nigel J(dot) Andrews" <nandrews(at)investsystems(dot)co(dot)uk>,pgsql-general(at)postgresql(dot)org, pgsql-interfaces(at)postgresql(dot)org
Subject: Re: More PHP DB abstraction layer stuff
Date: 2003-01-24 20:24:56
Message-ID: m3u1fymh2f.fsf@varsoon.wireboard.com (view raw or flat)
Thread:
Lists: pgsql-generalpgsql-interfaces
Greg Stark <gsstark(at)mit(dot)edu> writes:

> Doug McNaught <doug(at)mcnaught(dot)org> writes:
> 
> > $stmt = $dbh->prepare("select * from mytable where first_name = ?");
> > $ret_val = $sth->execute("Fred");   # might come from a web form instead
> > @row = $sth->fetchrow_array();
> > 
> > The database driver is responsible for turning the '?' in the query
> > into a properly-quoted and escaped value, or otherwise supplying it to
> > the database.  The '?' is a placeholder.
> 
> Except that that's not what the driver does, at least not for databases that
> are capable of doing better. It sends the placeholders to the database as they
> are. (Or in a different syntax like :1 :2 :3 for Oracle for example.) 

Right, but currently for PG (this being a PG list :) it just does the
quoting/escaping and builds the query itself.  It's still safer than
doing it by hand, as long as the database driver is trustworthy and
knows the databases escaping conventions.

I think there has been discussion about extending the protocol to
allow Oracle-style prepared statement execution, but right now it
isn't supported.  Prepared queries only went in in 7.3, after all...

-Doug


In response to

pgsql-interfaces by date

Next:From: Lincoln YeohDate: 2003-01-24 21:37:35
Subject: Re: More PHP DB abstraction layer stuff
Previous:From: Greg StarkDate: 2003-01-24 20:19:00
Subject: Re: More PHP DB abstraction layer stuff

pgsql-general by date

Next:From: Greg Sabino MullaneDate: 2003-01-24 21:11:23
Subject: Searchable 7.3.1 Documentation - now interactive!
Previous:From: Greg StarkDate: 2003-01-24 20:19:00
Subject: Re: More PHP DB abstraction layer stuff

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group