Re: Newbie Question-Quoting SQL

From: Andrew McMillan <andrew(at)morphoss(dot)com>
To: Thomas Hart <tehart(at)me(dot)com>
Cc: pgsql-php(at)postgresql(dot)org
Subject: Re: Newbie Question-Quoting SQL
Date: 2009-04-27 20:19:47
Message-ID: 1240863587.12115.105.camel@happy.mcmillan.net.nz
Lists: pgsql-php

On Mon, 2009-04-27 at 15:56 -0400, Thomas Hart wrote:
> I have some old forms that I used for MySQL a few years ago, and I'm
> trying to use them with postgres, but I keep on getting a message that
> the query failed.
>
> The connection string seems to be okay:
>
> $link = pg_connect("host=localhost port=5432 dbname=toms_stuff
> user=postgres password=********");
>
> The query string, however, seems to be messed up.
>
> $result = pg_query ($link, "Select * from Author");
> if (!$result) {
> echo "Query failed.\n";
> exit;
> }
>
> I assume the fault is in how the Select statement is quoted, but I
> can't see what I'm doing wrong.
>
> Any suggestions will be appreciated. Also can anyone give me a general
> idea of the rules for quoting postgreSQL in PHP?

They don't apply so much to PHP, as to PostgreSQL which follows the SQL
standard for quoting. Identifiers should be quoted with " and character
strings should be quoted with '.

And then within PHP if you want to have " in a string it should be
escaped like:

"SELECT * FROM \"Author\""
or
'SELECT * FROM "Author"'

or, in the case of using a keyword as a column name:

'select "DATE" from mytable'

You can also escape characters in the PostgreSQL string, using \, but of
course the \ itself may need to be escaped in PHP...

In this string the ' is backslashed to PostgreSQL:

"INSERT INTO \"Author\" (name) VALUES( E'O\\'Connor' )"

Note that the PostgreSQL string needs to be preceded by an "E" if it has
escapes in it (in recent versions of PostgreSQL, at least).

All of this should be in the PostgreSQL manual:

http://www.postgresql.org/docs/8.4/static/sql-syntax-lexical.html#SQL-SYNTAX-IDENTIFIERS

Cheers,
Andrew McMillan.

------------------------------------------------------------------------
andrew (AT) morphoss (DOT) com +64(272)DEBIAN
Building more free and open source software for New Zealanders
------------------------------------------------------------------------
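
The quoting rules from the reply above, as an added example that is not part of the original message or of PHP's or PostgreSQL's own code. It runs without a database; the helpers `quote_ident()`, `quote_literal()` and `resolved_name()` and the sample values are constructed for illustration, and it assumes a UTF8 client encoding.

```php
<?php
// Added illustration; the three helpers below are hypothetical. Assumes
// client_encoding is UTF8, where ' " and \ never occur inside a multibyte char.

// Identifier: wrap in " and double any embedded ".
function quote_ident(string $name): string {
    if ($name === '' || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('invalid identifier');
    }
    return '"' . str_replace('"', '""', $name) . '"';
}

// String literal: wrap in ' and double any embedded '. A value containing a
// backslash gets the E'' form with backslashes doubled, so it reads the same
// whatever standard_conforming_strings is set to.
function quote_literal(string $value): string {
    if (strpos($value, "\0") !== false) {
        throw new InvalidArgumentException('NUL byte in string');
    }
    $quoted = "'" . str_replace("'", "''", $value) . "'";
    if (strpos($value, '\\') !== false) {
        $quoted = 'E' . str_replace('\\', '\\\\', $quoted);
    }
    return $quoted;
}

// Name PostgreSQL looks up for an identifier as written in the query text:
// quoted names are taken verbatim, unquoted names are folded to lower case.
function resolved_name(string $written): string {
    if (preg_match('/^"((?:[^"]|"")+)"$/', $written, $m)) {
        return str_replace('""', '"', $m[1]);
    }
    return strtolower($written);
}

$table = 'Author';                                  // name from the thread
$names = ["O'Connor", 'back\\slash', '5" disk'];    // constructed samples

foreach (['Author', '"Author"'] as $written) {
    printf("%-10s resolves to %s\n", $written, resolved_name($written));
}
foreach ($names as $name) {
    echo 'INSERT INTO ', quote_ident($table), ' (name) VALUES (',
         quote_literal($name), ")\n";
}

// With a live connection, prefer the library over hand-built strings:
//   pg_query_params($link, 'INSERT INTO "Author" (name) VALUES ($1)', [$name]);
```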
