pg_update

(PHP 4 >= 4.3.0, PHP 5, PHP 7)

Update table

mixed pg_update ( resource $connection, string $table_name, array $data, array $condition [, int $options = PGSQL_DML_EXEC ] )

pg_update() updates records that matches condition with data. If options is specified, pg_convert() is applied to data with specified options.

Parameters:

connection

PostgreSQL database connection resource.

table_name

Name of the table into which to update rows.

data

An array whose keys are field names in the table table_name, and whose values are what matched rows are to be updated to.

condition

An array whose keys are field names in the table table_name, and whose values are the conditions that a row must meet to be updated.

options

Any number of PGSQL_CONV_FORCE_NULL, PGSQL_DML_NO_CONV, PGSQL_DML_ESCAPE, PGSQL_DML_EXEC, PGSQL_DML_ASYNC or PGSQL_DML_STRING combined. If PGSQL_DML_STRING is part of the options then query string is returned. When PGSQL_DML_NO_CONV or PGSQL_DML_ESCAPE is set, it does not call pg_convert() internally.

Returns:

Returns TRUE on success or FALSE on failure. Returns string if PGSQL_DML_STRING is passed via options.

Changelog:

5.6.0

No longer experimental. Added PGSQL_DML_ESCAPE constant, TRUE/FALSE and NULL data type support.

5.5.3/5.4.19

Direct SQL injection to table_name and Indirect SQL injection to identifiers are fixed.

Examples:

pg_update() example

<?php 
  $db = pg_connect('dbname=foo');
  $data = array('field1'=>'AA', 'field2'=>'BB');
  
  // This is safe, since $_POST is converted automatically
  $res = pg_update($db, 'post_log', $_POST, $data);
  if ($res) {
      echo "Data is updated: $res\n";
  } else {
      echo "User must have sent wrong inputs\n";
  }
?>