On Mon, 2009-04-27 at 15:56 -0400, Thomas Hart wrote:
> I have some old forms that I used for MySQL a few years ago, and I'm
> trying to use the with postgres, but I keep on getting a message that
> the query failed.
>
> The connection string seems to be okay:
>
> $link = pg_connect("host=localhost port=5432 dbname=toms_stuff
> user=postgres password=********");
>
> The query string, however, seems to be messed up.
>
> $result = pg_query ($link, "Select * from Author");
> if (!$result) {
> echo "Query failed.\n";
> exit;
> }
>
> I assume the fault is in how the Select statement is quoted, but I
> can't see what I'm doing wrong.
>
> Any suggestions will be appreciated. Also can anyone give me a general
> idea of the rules for quoting postgreSQL in PHP?
They don't apply so much to PHP, as to PostgreSQL which follows the SQL
standard for quoting. Identifiers should be quoted with " and character
strings should be quoted with '.
And then within PHP if you want to have " in a string it should be
escaped like:
"SELECT * FROM \"Author\""
or
'SELECT * FROM "Author"'
or, in the case of using a keyword as a column name:
'select "DATE" from mytable'
You can also escape characters in the PostgreSQL string, using \, but of
course the \ itself may need to be escaped in PHP...
In this string the ' is backslashed to PostgreSQL:
"INSERT INTO \"Author\" (name) VALUES( E'O\\'Connor' )"
Note that the PostgreSQL string needs to be preceded by an "E" if it has
escapes in it (in recent versions of PostgreSQL, at least).
All of this should be in the PostgreSQL manual:
http://www.postgresql.org/docs/8.4/static/sql-syntax-lexical.html#SQL-SYNTAX-IDENTIFIERS
Cheers,
Andrew McMillan.
------------------------------------------------------------------------
andrew (AT) morphoss (DOT) com +64(272)DEBIAN
Building more free and open source software for New Zealanders
------------------------------------------------------------------------