pg_query_params
(PHP 5 >= 5.1.0)
pg_query_params — Submits a command to the server and waits for the result, with the ability to pass parameters separately from the SQL command text.
Description
resource pg_query_params
( resource $connection
, string $query
, array $params
)
resource pg_query_params
( string $query
, array $params
)
pg_query_params() is like pg_query(),
but offers additional functionality: parameter
values can be specified separately from the command string proper.
pg_query_params() is supported only against PostgreSQL 7.4 or
higher connections; it will fail when using earlier versions.
If parameters are used, they are referred to in the query
string as $1, $2, etc. params
specifies the actual values of the
parameters. A NULL value in this array means the corresponding parameter is SQL
NULL.
The primary advantage of pg_query_params() over pg_query()
is that parameter values
may be separated from the query
string, thus avoiding the need for tedious
and error-prone quoting and escaping. Unlike pg_query(),
pg_query_params() allows at
most one SQL command in the given string. (There can be semicolons in it,
but not more than one nonempty command.)
Parameters
-
connection
-
PostgreSQL database connection resource. When
connection
is not present, the default connection
is used. The default connection is the last connection made by
pg_connect() or pg_pconnect().
-
query
-
The parameterised SQL statement. Must contain only a single statement.
(multiple statements separated by semi-colons are not allowed.) If any parameters
are used, they are referred to as $1, $2, etc.
-
params
-
An array of parameter values to substitute for the $1, $2, etc. placeholders
in the original prepared query string. The number of elements in the array
must match the number of placeholders.
Return Values
A query result resource on success, or FALSE on failure.
Examples
Example #1 Using pg_query_params()
<?php
// Connect to a database named "mary"
$dbconn = pg_connect("dbname=mary");
// Find all shops named Joe's Widgets. Note that it is not necessary to
// escape "Joe's Widgets"
$result = pg_query_params($dbconn, 'SELECT * FROM shops WHERE name = $1', array("Joe's Widgets"));
// Compare against just using pg_query
$str = pg_escape_string("Joe's Widgets");
$result = pg_query($dbconn, "SELECT * FROM shops WHERE name = '{$str}'");
?>