pg_host
Today at work I isolated a problem I was having with this function to how I was formatting the date. I was assigning the date in my code as follows:
$today = date( "Ymd" ); // ISO 8601
This format is acceptable to PostgreSQL, as verified by their documentation and buy tests using psql. However, to make it work in my code, I had to make the following change:
$today = date( "Y-m-d" ); // also ISO 8601 format
pg_insert
(PHP 4 >= 4.3.0, PHP 5)
pg_insert — Überträgt Werte aus einem Array in eine Tabelle
Beschreibung
mixed pg_insert
( resource
$connection
, string $table_name
, array $assoc_array
[, int $options = PGSQL_DML_EXEC
] )
pg_insert() fügt die Werte des assoc_array
in die Tabelle table_name ein. Falls options
angegeben wurde, wird pg_insert() auf assoc_array
mit den angegebenen Optionnen angewendet.
Warnung
Diese Funktion ist EXPERIMENTELL. Das Verhalten, der Funktionsname und alles Andere, was hier dokumentiert ist, kann sich in zukünftigen PHP-Versionen ohne Ankündigung ändern. Seien Sie gewarnt und verwenden Sie diese Funktion auf eigenes Risiko.
Parameter-Liste
-
connection -
PostgreSQL Verbindungskennung.
-
table_name -
Name der Tabelle, in die die Zeilen eingefügt werden sollen.
table_namemuss mindestens soviele Spalten haben, wie dasassoc_arrayElemente. -
assoc_array -
Ein array dessen Indizes Feldnamen von
table_namesind und dessen Werte in die entprechenden Spalten eingefügt werden. -
options -
Jede Kombination aus
PGSQL_CONV_OPTS,PGSQL_DML_NO_CONV,PGSQL_DML_EXEC,PGSQL_DML_ASYNCoderPGSQL_DML_STRING. FallsPGSQL_DML_STRINGbei denoptionsangegeben wurde, wird der Abfrage-String zurückgegeben.
Rückgabewerte
Gibt bei Erfolg TRUE zurück. Im Fehlerfall wird FALSE zurückgegeben. Falls die Konstante PGSQL_DML_STRING in den options übergeben wurde, wird ein string zurückgegeben.
Beispiele
Beispiel #1 pg_insert() Beispiel
<?php
$dbconn = pg_connect('dbname=foo');
// Das ist sicher, da $_POST automatisch konvertiert wird
$res = pg_insert($dbconn, 'post_log', $_POST);
if ($res) {
echo "Der Inhalt von $_POST wurde protokolliert\n";
} else {
echo "Vermutlich wurden falsche Eingabedaten gesendet\n";
}
?>
Siehe auch
- pg_convert() - Konvertiert die Werte eines assoziativen Arrays in passende Werte für SQL-Kommandos.
add a note
User Contributed Notespg_insert
excalibur at nospam dot icehouse dot net
17-Oct-2006 05:06
17-Oct-2006 05:06
ANDYCHR17 at HOTMAIL dot COM
05-May-2006 11:50
05-May-2006 11:50
Had a few issues while trying to run this in PHP 4.4.0:
- I could not get it to work with column names that are SQL reserved words (example: desc, order). I was forced to change the column names in order to use the function. I could not put the column names in quotes, because that caused pg_convert() to fail.
- Function was returning false until I passed the PGSQL_DML_EXEC option.
skippy at zuavra dot net
14-Feb-2005 04:08
14-Feb-2005 04:08
Beware of the following: pg_insert() and pg_update() are adding slashes to all character-like fields they work with. This makes them SQL injection super-safe, but there are unwanted consequences, as follows:
If you have a regular setup with magic_quotes_gcp=On, and you use pg_insert() or pg_update(), you will end up with fields that look as if you used addslashes() twice. To solve this, you can use stripslashes() on the data just before using it with pg_insert() or pg_update().
There's another alternative, which seems better to me. Why make yourself crazy all over the code, adding slashes, stripping slashes, worrying whether magic_quotes_gpc is on or off and so on and so forth? Why do this, when the only place you actually need those slashes is right when you push the data into the database?
So why not get rid of your addslashes() and stripslashes() from all over your code, and turn magic_quotes_gcp off. As long as you always use pg_insert() and pg_update() to do your DB work, you're SQL-injection safe AND slash-headache free.
mina86 at tlen dot pl
24-May-2004 03:24
24-May-2004 03:24
Next version :) My version checks whether value is bool, null, string or numeric and if one of the values is not function returns false if not. null values are inserted as NULL, bool as true or false and strings are add-shlashed before adding to query string. Note, that this function is not safe. SQL injection is possible with column names if you use $_POST or something similar as a $array.
<?php
function db_build_insert($table, $array) {
if (count($array)===0) return false;
$columns = array_keys($array);
$values = array_values($array);
unset($array);
for ($i = 0, $c = count($values); $i$c; ++$i) {
if (is_bool($values[$i])) {
$values[$i] = $values[$i]?'true':'false';
} elseif (is_null($values[$i])) {
$values[$i] = 'NULL';
} elseif (is_string($values[$i])) {
$values[$i] = "'" . addslashes($values[$i]) . "'";
} elseif (!is_numeric($values[$i])) {
return false;
}
}
return "INSERT INTO $table ($column_quote" . implode(', ', $columns) .
") VALUES (" . implode(', ', $values) . ")";
}
?>
shane at treesandthings dot com
22-Jan-2004 05:04
22-Jan-2004 05:04
Returns SQL statement, slight improvement on the code from 'rorezende at hotmail dot com'. This version adds bool values correctly.It also checks to make sure there is actually a value in the array before including it in the sql statement. (ie: null values or empty strings won't be added to the sql statement)
<?PHP
function db_build_insert($table,$array)
{
$str = "insert into $table ";
$strn = "(";
$strv = " VALUES (";
while(list($name,$value) = each($array)) {
if(is_bool($value)) {
$strn .= "$name,";
$strv .= ($value ? "true":"false") . ",";
continue;
};
if(is_string($value)) {
$strn .= "$name,";
$strv .= "'$value',";
continue;
}
if (!is_null($value) and ($value != "")) {
$strn .= "$name,";
$strv .= "$value,";
continue;
}
}
$strn[strlen($strn)-1] = ')';
$strv[strlen($strv)-1] = ')';
$str .= $strn . $strv;
return $str;
}
?>
rorezende at hotmail dot com
16-Jul-2003 08:49
16-Jul-2003 08:49
Time is money, then I write a function similar to pg_insert in PHP (only output sql statement) :
function db_mount_insert($table,$array) {
$str = "insert into $table (";
while(list($name,$value) = each($array)) {
$str .= "$name,";
}
$str[strlen($str)-1] = ')';
$str .= " values (";
reset($array);
while(list($name,$value) = each($array)) {
if(is_string($value))
$str .= "'$value',";
else
$str .= "$value,";
}
$str[strlen($str)-1] = ')';
$str .= ";" ;
return $str;
}