Reputation: 181
Currently I am using Postgres with PHP. I'm writing an interface where a user can fill in a user, so it gets added to the total record of users in the database. (Very simple).
Recently I've been having a lot of trouble getting the queries to work. Escaping seems to be required all the time. Just the query itself between double quotes isn't enough anymore.
I'm having trouble with the following query:
$query = pg_query($dbconnection,"INSERT INTO clients('clientid', 'name', 'ipaddress', 'status') VALUES ('$clientid', '$name', '$ipaddress', '$status' ");
This doesn't work. I guess there's more escaping needed. Is there any third-party tool available to check if these Postgres syntaxes are valid or not?
If not, how exactly can I turn this query into a usable one?
Upvotes: 0
Views: 122
Reputation: 126991
Use pg_query_params() to handle escaping and avoid SQL injection:
$query = pg_query_params(
    $dbconnection,
    'INSERT INTO clients(clientid, name, ipaddress,status) VALUES ($1, $2, $3, $4);', // placeholders
    array($clientid, $name, $ipaddress, $status) // content
);
Upvotes: 3
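An added example, not part of any of the posts: it contrasts the interpolated statement with the pg_query_params() call from the answer above, using a constructed name that contains an apostrophe. The helper names `interpolated_sql()` and `insert_client()`, the IP validation step, and the connection string are assumptions made for illustration.

```php
<?php
// Added example, not code from the original posts. Assumes the clients table
// from the question; interpolated_sql() and insert_client() are hypothetical helpers.

// Builds the string-interpolated statement so you can see what the server
// would receive. Only builds a string; no database needed.
function interpolated_sql(string $clientid, string $name, string $ipaddress, string $status): string
{
    return "INSERT INTO clients(clientid, name, ipaddress, status) "
         . "VALUES ('$clientid', '$name', '$ipaddress', '$status')";
}

// Parameterized insert: the values travel separately from the SQL text,
// so a quote inside $name cannot change the shape of the statement.
function insert_client($dbconnection, string $clientid, string $name, string $ipaddress, string $status): bool
{
    // Assumption: ipaddress must be a valid IPv4/IPv6 literal. Reject early.
    if (filter_var($ipaddress, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('ipaddress is not a valid IP address');
    }
    $result = pg_query_params(
        $dbconnection,
        'INSERT INTO clients(clientid, name, ipaddress, status) VALUES ($1, $2, $3, $4)',
        array($clientid, $name, $ipaddress, $status)
    );
    if ($result === false) {
        // Log server-side; do not echo database errors back to the user.
        error_log('insert_client failed: ' . pg_last_error($dbconnection));
        return false;
    }
    return pg_affected_rows($result) === 1;
}

// Constructed sample input: a legitimate name containing an apostrophe.
echo interpolated_sql('42', "O'Brien", '192.0.2.10', 'active'), PHP_EOL;
// The apostrophe closes the string literal early, so Postgres rejects the statement.

// With a live connection (placeholder connection string):
// $db = pg_connect('host=localhost dbname=EXAMPLE user=EXAMPLE');
// var_dump(insert_client($db, '42', "O'Brien", '192.0.2.10', 'active'));
```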
Reputation: 1385
$query = pg_query($dbconnection, "INSERT INTO clients(clientid, name, ipaddress,status) VALUES ('$clientid', '$name', '$ipaddress', '$status')");
should do the work. Note no quotes around the field names and the closing parenthesis after the VALUES.
Upvotes: 1
Reputation: 61
Try this
$query = pg_query($dbconnection,
    "INSERT INTO clients(clientid, name, ipaddress,status) VALUES ('$clientid', '$name', '$ipaddress', '$status')");
Upvotes: 1