CakeFest 2024: The Official CakePHP Conference

pg_select

(PHP 4 >= 4.3.0, PHP 5, PHP 7, PHP 8)

pg_select 选择记录

说明

pg_select(
    PgSql\Connection $connection,
    string $table_name,
    array $conditions,
    int $flags = PGSQL_DML_EXEC,
    int $mode = PGSQL_ASSOC
): array|string|false

pg_select() 根据 conditions 数组中的 field=>value 值来选择记录。成功的查询返回和 conditions 指定的条件相匹配的包括记录和字段的数组。

如果设置了 flagspg_convert() 会按照指定 flag 作用于 conditions 上。

如果设置了 mode,返回值将以数组形式返回,其中使用 PGSQL_NUM 表示索引数组,使用 PGSQL_ASSOC 表示关联数组(默认),或者同时使用 PGSQL_BOTH 表示两者。

默认情况下 pg_select() 传递原始值。值必须转义或指定 PGSQL_DML_ESCAPE。PGSQL_DML_ESCAPE 引用并转义参数/标识符。因此,表/列名称变得区分大小写。

注意转义和预处理查询都不能保护 LIKE 查询、JSON、Array、Regex 等,这些参数要根据上下文来处理。即转义/验证值。

参数

connection

PgSql\Connection 实例。

table_name

要选择记录的表名。

conditions

array,其键是表 table_name 中的字段名称,其值是检索记录必须满足的条件。

flags

任意数量的 PGSQL_CONV_FORCE_NULLPGSQL_DML_NO_CONVPGSQL_DML_ESCAPEPGSQL_DML_EXECPGSQL_DML_ASYNCPGSQL_DML_STRING 的组合。当 PGSQL_DML_STRINGflags 的一部分,然后将返回查询字符串。当设置了 PGSQL_DML_NO_CONVPGSQL_DML_ESCAPE 时,不会在内部调用 pg_convert()

mode

PGSQL_ASSOCPGSQL_NUMPGSQL_BOTH 中的一个。 如果设置了 PGSQL_ASSOC,返回值将是关联 array;如果设置了 PGSQL_NUM,返回值将是索引 array;如果设置了 PGSQL_BOTH,返回值将是同时包含关联和索引的 array

返回值

成功时,如果通过 flags 传递 PGSQL_DML_STRING,返回 string,否则返回 array, 或者在失败时返回 false

更新日志

版本 说明
8.1.0 现在 connection 参数接受 PgSql\Connection 实例,之前接受 resource
7.1.0 新增 mode 参数。

示例

示例 #1 pg_select() 示例

<?php
$db
= pg_connect('dbname=foo');
// 在某种程度上安全,因为所有值都转义了。
// 然而 PostgreSQL 支持 JSON/Array。无论是
// 转义还是预处理都不安全。
$rec = pg_select($db, 'post_log', $_POST, PG_DML_ESCAPE);
if (
$rec) {
echo
"Records selected\n";
var_dump($rec);
} else {
echo
"User must have sent wrong inputs\n";
}
?>

参见

  • pg_convert() - 将关联的数组值转换为适合 SQL 语句的格式

add a note

User Contributed Notes 2 notes

up
5
david dot tulloh at infaze dot com dot au
18 years ago
Valid options are PGSQL_DML_NO_CONV, PGSQL_DML_EXEC, PGSQL_DMP_ASYNC, PGSQL_DML_STRING (pulled out of source code).

This function does not support selecting from multiple tables. You can get around this by setting the PGSQL_DML_NO_CONV option. This prevents the error which occurs when the function tries to convert the condition array.

I think it is also important to point out that the table_name field is not safe, particularily with the PGSQL_DML_NO_CONV option.

The arguements array field is compulsory, as documented. What isn't so clear is that the array has to actually have some values in it, you can't do a select all.

In summary, this function is good for a very small subset of basic queries. If you are after anything more complex you are better off with pg_query.
up
-5
wietse at cj2 dot nl
18 years ago
David mentioned that you can't do a Select all.
However, when executing this script:
<?php
$conn_string
= "dbname=mydb";
$db = pg_connect($conn_string);
$selectfields = array("imgid" => "");
$records = pg_select($db,"mmsfiles",$selectfields);
print_r($records);
?>
...I get this result:
Array
(
[0] => Array
(
[imgid] => 1
[file] => /home/wietse/public_html/mms/images/1.gif
[thumb] =>
)
[1] => Array
(
[imgid] => 2
[file] => /home/wietse/public_html/mms/images/2.gif
[thumb] =>
)
[2] => Array
(
[imgid] => 3
[file] => /home/wietse/public_html/mms/images/3.gif
[thumb] =>
)
[3] => Array
(
[imgid] => 4
[file] => /home/wietse/public_html/mms/images/4.gif
[thumb] =>
)
)
To Top