pg_select

Select records

Description

mixed pg_select ( resource $connection , string $table_name , array $assoc_array [, int $options = PGSQL_DML_EXEC ] )

pg_select selects records specified by assoc_array which has field=>value. For a successful query, it returns an array containing all records and fields that match the condition specified by assoc_array.

If options is specified, pg_convert is applied to assoc_array with the specified flags.

Parameters

connection

PostgreSQL database connection resource.

table_name

Name of the table from which to select rows.

assoc_array

An array whose keys are field names in the table table_name, and whose values are the conditions that a row must meet to be retrieved.

options

Any number of PGSQL_CONV_FORCE_NULL, PGSQL_DML_NO_CONV, PGSQL_DML_ESCAPE, PGSQL_DML_EXEC, PGSQL_DML_ASYNC or PGSQL_DML_STRING combined. If PGSQL_DML_STRING is part of the options then query string is returned. When PGSQL_DML_NO_CONV or PGSQL_DML_ESCAPE is set, it does not call pg_convert internally.

Return Values

Returns TRUE on success or FALSE on failure. Returns string if PGSQL_DML_STRING is passed via options.

Examples

Example #1 pg_select example

<?php 
  $db 
pg_connect('dbname=foo');
  
// This is safe, since $_POST is converted automatically
  
$rec pg_select($db'post_log'$_POST);
  if (
$rec) {
      echo 
"Records selected\n";
      
var_dump($rec);
  } else {
      echo 
"User must have sent wrong inputs\n";
  }
?>

Changelog

Version Description
5.6.0 No longer experimental. Added PGSQL_DML_ESCAPE constant, TRUE/FALSE and NULL data type support.
5.5.3/5.4.19 Direct SQL injection to table_name and Indirect SQL injection to identifiers are fixed.

See Also

  • pg_convert