[OT] Re: Could be a FAQ: prepare/execute in PHP? - Mailing list pgsql-general
| From | wsheldah@lexmark.com |
|---|---|
| Subject | [OT] Re: Could be a FAQ: prepare/execute in PHP? |
| Date | |
| Msg-id | 200111281817.NAA22296@interlock2.lexmark.com Whole thread Raw |
| Responses |
Re: [OT] Re: Could be a FAQ: prepare/execute in PHP?
|
| List | pgsql-general |
First of all, this is clearly a PHP problem, not a Postgresql problem. But that's ok. The lack of the standard database API is one of the biggest reasons I gave up on PHP last Spring after trying it for a couple months. I knew that sooner or later I'd find myself in exactly the mess you seem to be in. No offense of course. ;-) Perl's DBI works pretty much the same across platforms, especially in how it takes care of the quoting issue you describe. There are a number of ways to embed perl code in html pages much like PHP, including HTML::Mason and Embperl. Staying with PHP, you probably want to look at magicquotes related functions and configuration options, and the addslashes and stripslashes functions. In particular, I think there's a magic_quotes_sybase option that looks like it may play well with postgres. Good luck, Wes Sheldahl Kirk Strauser <kirk%nmotioninc.com@interlock.lexmark.com> on 11/28/2001 11:53:13 AM To: pgsql-general%postgresql.org@interlock.lexmark.com cc: (bcc: Wesley Sheldahl/Lex/Lexmark) Subject: [GENERAL] Could be a FAQ: prepare/execute in PHP? My company is migrating our PHP4 web sites from Interbase (boo!) to PostgreSQL (yay!). One big snag, though, is that we had been using the ibase_prepare() and ibase_execute() functions quite heavily throughout all of the sites, and PHP's PostgreSQL API doesn't *seem* to include similar functionality. Now, I don't know that it would have a negative performance impact. Frankly, I haven't delved into the code, so for all I know, it uses a lot of internal caching to emulate prepare/execute. The main problem, though, is that the prepare/execute style lets you avoid a lot of quoting issues when inserting data. For example, in our old code, we'd use: $sth = ibase_prepare($dbh, "insert into foo (bar, baz) values (?, ?)"); ibase_execute($sth, $var1, $var2); Since the PHP backend would map the placeholders directly to the fields bar and baz, we didn't have to worry about any great level of sanity checking. Any values of $var1 and $var2 would be cheerfully written into bar and baz, regardless of quotes or embedded SQL statements or anything else. The lack of an pg_execute() function means that we'll have to build the SQL queries from scratch and rewrite large chunks of our code. So, does anyone have any suggestions for how we can work around this, or how other people have handled the situation, or even why the PostgreSQL API is better or worse than the MySQL/Interbase API? A million thanks, -- Kirk Strauser Internet Software Engineer NMotion, Inc. ---------------------------(end of broadcast)--------------------------- TIP 6: Have you searched our list archives? http://archives.postgresql.org
pgsql-general by date: