Could be a FAQ: prepare/execute in PHP? - Mailing list pgsql-general

From Kirk Strauser
Subject Could be a FAQ: prepare/execute in PHP?
Date
Msg-id 87n116on0m.fsf@legion.priv
Whole thread Raw
Responses Re: Could be a FAQ: prepare/execute in PHP?
List pgsql-general
My company is migrating our PHP4 web sites from Interbase (boo!) to
PostgreSQL (yay!).  One big snag, though, is that we had been using the
ibase_prepare() and ibase_execute() functions quite heavily throughout all
of the sites, and PHP's PostgreSQL API doesn't *seem* to include similar
functionality.

Now, I don't know that it would have a negative performance impact.
Frankly, I haven't delved into the code, so for all I know, it uses a lot of
internal caching to emulate prepare/execute.  The main problem, though, is
that the prepare/execute style lets you avoid a lot of quoting issues when
inserting data.  For example, in our old code, we'd use:

  $sth = ibase_prepare($dbh, "insert into foo (bar, baz) values (?, ?)");
  ibase_execute($sth, $var1, $var2);

Since the PHP backend would map the placeholders directly to the fields bar
and baz, we didn't have to worry about any great level of sanity checking.
Any values of $var1 and $var2 would be cheerfully written into bar and baz,
regardless of quotes or embedded SQL statements or anything else.  The lack
of an pg_execute() function means that we'll have to build the SQL queries
from scratch and rewrite large chunks of our code.

So, does anyone have any suggestions for how we can work around this, or how
other people have handled the situation, or even why the PostgreSQL API is
better or worse than the MySQL/Interbase API?

A million thanks,
--
Kirk Strauser
Internet Software Engineer
NMotion, Inc.

pgsql-general by date:

Previous
From: teg@redhat.com (Trond Eivind Glomsrød)
Date:
Subject: Re: Locale and C Locale
Next
From: Tielman J de Villiers
Date:
Subject: Re: Timing a query