pg_select() selects records specified by assoc_array which has field=>value. For a successful query, it returns an array containing all records and fields that match the condition specified by assoc_array.
If options is specified, pg_convert() is applied to assoc_array with the specified flags.
PostgreSQL database connection resource.
Name of the table from which to select rows.
An array whose keys are field names in the table table_name, and whose values are the conditions that a row must meet to be retrieved.
Any number of PGSQL_CONV_FORCE_NULL, PGSQL_DML_NO_CONV, PGSQL_DML_ESCAPE, PGSQL_DML_EXEC, PGSQL_DML_ASYNC or PGSQL_DML_STRING combined. If PGSQL_DML_STRING is part of the options then query string is returned. When PGSQL_DML_NO_CONV or PGSQL_DML_ESCAPE is set, it does not call pg_convert() internally.
Returns TRUE on success or FALSE on failure. Returns string if PGSQL_DML_STRING is passed via options.
No longer experimental. Added PGSQL_DML_ESCAPE constant, TRUE/FALSE and NULL data type support.
Direct SQL injection to table_name and Indirect SQL injection to identifiers are fixed.
1 2 3 4 5 6 7 8 9 10 11 | <?php $db = pg_connect('dbname=foo'); // This is safe, since $_POST is converted automatically $rec = pg_select($db, 'post_log', $_POST); if ($rec) { echo "Records selected\n"; var_dump($rec); } else { echo "User must have sent wrong inputs\n"; }?> |
Please login to continue.