对pg_query()有困难; 在PHP中
[英]Having difficulties with pg_query(); in php
问题描述
Currently I am using Postgres with PHP. 
目前,我在PHP中使用Postgres。 I'm writing an interface where a user can fill in a user, so it gets added to the total record of users in the database. 我正在编写一个界面,用户可以在其中填写用户,以便将其添加到数据库中用户的总记录中。 (Very simple). (很简单)。
Recently I've been having alot of trouble getting the queries to work. 最近,我在使查询正常工作方面遇到了很多麻烦。 Escaping seems to be required all the time. 逃避似乎一直都是必需的。 Just the query itself between double quotes isnt enough anymore. 只是双引号之间的查询本身已经不够了。
I'm having trouble with the following query; 我在执行以下查询时遇到问题;
$query = pg_query($dbconnection,"INSERT INTO clients('clientid', 'name', 'ipaddress', 'status') VALUES ('$clientid', '$name', '$ipaddress', '$status' ");
This doesn't work. 这行不通。 I guess there's more escaping needed. 我想还需要更多的转义。 Is there any third party tool available to check if these postgres syntaxes are valid or not? 是否有任何第三方工具可用来检查这些postgres语法是否有效?
If not, how can I exactly turn this query into a useable one? 如果没有,我该如何准确地将此查询转换为可用的查询?
3 个解决方案
解决方案1
3 已采纳 2013-10-10 10:25:36
Use pg_query_params() to handle escaping and avoid SQL injection: 使用pg_query_params()处理转义并避免SQL注入:
$query = pg_query_params(
$dbconnection,
'INSERT INTO clients(clientid, name, ipaddress,status) VALUES ($1, $2, $3, $4);', // placeholders
array($clientid, $name, $ipaddress, $status) // content
);
解决方案2
1 2013-10-10 10:18:42
Try this
$query = pg_query($dbconnection,
"INSERT INTO clients(clientid, name, ipaddress,status) VALUES ('$clientid', '$name', '$ipaddress', '$status' ");
解决方案3
1 2013-10-10 10:23:08
$query = pg_query($dbconnection, "INSERT INTO clients(clientid, name, ipaddress,status) VALUES ('$clientid', '$name', '$ipaddress', '$status')");
should do the work. 应该做的工作。 Note no quotes around the field names and the closing parenthesis after the VALUES . 请注意,在VALUES之后,字段名称和右括号之间没有引号。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.