pg_insert() inserts the values of assoc_array
into the table specified by table_name
. If options
is specified, pg_convert() is applied to assoc_array
with the specified options.
PostgreSQL database connection resource.
Name of the table into which to insert rows. The table table_name
must at least have as many columns as assoc_array
has elements.
An array whose keys are field names in the table table_name
, and whose values are the values of those fields that are to be inserted.
Any number of PGSQL_CONV_OPTS
, PGSQL_DML_NO_CONV
, PGSQL_DML_ESCAPE
, PGSQL_DML_EXEC
, PGSQL_DML_ASYNC
or PGSQL_DML_STRING
combined. If PGSQL_DML_STRING
is part of the options
then query string is returned. When PGSQL_DML_NO_CONV
or PGSQL_DML_ESCAPE
is set, it does not call pg_convert() internally.
Returns TRUE
on success or FALSE
on failure. Returns string if PGSQL_DML_STRING
is passed via options
.
No longer experimental. Added PGSQL_DML_ESCAPE
constant, TRUE
/FALSE
and NULL
data type support.
Direct SQL injection to table_name
and Indirect SQL injection to identifiers are fixed.
<?php $dbconn = pg_connect('dbname=foo'); // This is safe, since $_POST is converted automatically $res = pg_insert($dbconn, 'post_log', $_POST); if ($res) { echo "POST data is successfully logged\n"; } else { echo "User must have sent wrong inputs\n"; } ?>
Please login to continue.