Thread: entrance from php to postgresql
Hi, i'm new here. my question is: Which is the best way to make an entrance from php to postgresql? I read in a manual call "PHP and Postgresql" writed for Vikram Vaswani, he mentioned that is useful to do it: http://www.devshed.com/c/a/PHP/PHP-and-PostgreSQL/5/ Please i need help .... recommend this?
On Jul 11, 2006, at 10:39 AM, DCarrero wrote: > Hi, i'm new here. my question is: Which is the best way to make an > entrance from php to postgresql? > I read in a manual call "PHP and Postgresql" writed for Vikram > Vaswani, he mentioned that is useful to do it: > http://www.devshed.com/c/a/PHP/PHP-and-PostgreSQL/5/ > Please i need help .... > recommend this? I'm not sure if you are asking about tools/software or just general information about how to connect PHP and PostgreSQL. The PHP documentation is here: http://www.php.net/manual/en/ref.pgsql.php This book might be helpful to you: http://www.amazon.com/gp/product/1590595475/103-7344715-4732658? v=glance&n=283155 If you need software and are using Mac or Windows, pgEdit supports PHP and PostgreSQL (http://pgedit.com/products). PHP is built-in so you don't have to install anything else to connect to a PostgreSQL database. John DeSoi, Ph.D. http://pgedit.com/ Power Tools for PostgreSQL
On Jul 11, 2006, at 1:23 PM, DCarrero wrote: > I was asking if this useful, or secure to do a transaction on web, or > you recomend use a function with parameters an inside this insert > data, thank for the information too... If you are inserting user entered data (especially from the web) I highly recommend you use prepared statements. This will deal with security issues related to SQL injection. I prefer to use functions, but it is not necessary. Here is a short article I wrote which you might find helpful in using prepared statements from PHP: http://pgedit.com/resource/php/pgfuncall John DeSoi, Ph.D. http://pgedit.com/ Power Tools for PostgreSQL
2006/7/11, John DeSoi <desoi@pgedit.com>: > > On Jul 11, 2006, at 10:39 AM, DCarrero wrote: > > > Hi, i'm new here. my question is: Which is the best way to make an > > entrance from php to postgresql? > > I read in a manual call "PHP and Postgresql" writed for Vikram > > Vaswani, he mentioned that is useful to do it: > > http://www.devshed.com/c/a/PHP/PHP-and-PostgreSQL/5/ > > Please i need help .... > > recommend this? > > I'm not sure if you are asking about tools/software or just general > information about how to connect PHP and PostgreSQL. The PHP > documentation is here: > > http://www.php.net/manual/en/ref.pgsql.php > > This book might be helpful to you: > > http://www.amazon.com/gp/product/1590595475/103-7344715-4732658? > v=glance&n=283155 > > > If you need software and are using Mac or Windows, pgEdit supports > PHP and PostgreSQL (http://pgedit.com/products). PHP is built-in so > you don't have to install anything else to connect to a PostgreSQL > database. > > > John DeSoi, Ph.D. > http://pgedit.com/ > Power Tools for PostgreSQL > > I was asking if this useful, or secure to do a transaction on web, or you recomend use a function with parameters an inside this insert data, thank for the information too...
2006/7/11, John DeSoi <desoi@pgedit.com>: > > On Jul 11, 2006, at 1:23 PM, DCarrero wrote: > > > I was asking if this useful, or secure to do a transaction on web, or > > you recomend use a function with parameters an inside this insert > > data, thank for the information too... > > If you are inserting user entered data (especially from the web) I > highly recommend you use prepared statements. This will deal with > security issues related to SQL injection. I prefer to use functions, > but it is not necessary. Here is a short article I wrote which you > might find helpful in using prepared statements from PHP: > > http://pgedit.com/resource/php/pgfuncall Thanks again :D
Hi again...
I'm confused
I have this table:
CREATE TABLE jugeninno
(
nrt_nino rut NOT NULL,
dgv_ninno char(1),
nom_ninno varchar(50),
ape_ninno varchar(50),
num_mesna int4,
num_annon int4,
gls_sexo char(1),
nrt_adult varchar(10),
dgv_adult char(1),
nom_adult varchar(50),
gls_domic varchar(50),
num_orgso int4,
flg_inclu char(1),
CONSTRAINT jugeninno_pkey PRIMARY KEY (nrt_nino)
)
Then in php a query like this???
$query="PREPARE agregar_data(varchar(10), char(1), varchar(50),
varchar(50), int4, int4, char(1), varchar(10), char(1),
varchar(50), varchar(50), int4, char(1)) AS
INSERT INTO jugeninno(nrt_nino, dgv_ninno, nom_ninno, ape_ninno,
num_mesna, num_annon, gls_sexo,
nrt_adult, dgv_adult, nom_adult, gls_domic, num_orgso, flg_inclu)
VALUES($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13);"
take the post variables and execute with pg_execute()
pg_execute ($conn1,"select
agregar_data($rutninno,$dgvninno,$nomninno,$apeninno,
$nummesna,$numannona,$glssexo,$nrtadult,$dgvadult,$nomadult,$glsdomic,
$numorgsoc,$flginclu);");
This is ok???
After what????
2006/7/11, DCarrero <dcarreroc@gmail.com>: > Hi again... > I'm confused > I have this table: > CREATE TABLE jugeninno > ( > nrt_nino rut NOT NULL, > dgv_ninno char(1), > nom_ninno varchar(50), > ape_ninno varchar(50), > num_mesna int4, > num_annon int4, > gls_sexo char(1), > nrt_adult varchar(10), > dgv_adult char(1), > nom_adult varchar(50), > gls_domic varchar(50), > num_orgso int4, > flg_inclu char(1), > CONSTRAINT jugeninno_pkey PRIMARY KEY (nrt_nino) > ) > > Then in php a query like this??? > $query="PREPARE agregar_data(varchar(10), char(1), varchar(50), > varchar(50), int4, int4, char(1), varchar(10), char(1), > varchar(50), varchar(50), int4, char(1)) AS > INSERT INTO jugeninno(nrt_nino, dgv_ninno, nom_ninno, ape_ninno, > num_mesna, num_annon, gls_sexo, > nrt_adult, dgv_adult, nom_adult, gls_domic, num_orgso, flg_inclu) > VALUES($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13);" > > take the post variables and execute with pg_execute() > > pg_execute ($conn1,"select > agregar_data($rutninno,$dgvninno,$nomninno,$apeninno, > $nummesna,$numannona,$glssexo,$nrtadult,$dgvadult,$nomadult,$glsdomic, > $numorgsoc,$flginclu);"); > This is ok??? > After what???? > Is not better pg_prepare(); ??? and later pg_execute();
On Jul 11, 2006, at 5:38 PM, DCarrero wrote: > Is not better pg_prepare(); ??? > and later pg_execute(); Yes, this is the way to go. John John DeSoi, Ph.D. http://pgedit.com/ Power Tools for PostgreSQL
> Yes, this is the way to go. > > John > > Thanks John, i'll learn :D