PostgreSQL query class and associated functions
This subpackage provides some functions that are useful around database activity and a PgQuery class to simplify handling of database queries.
The class is intended to be a very lightweight wrapper with no pretentions towards database independence, but it does include some features that have proved useful in developing and debugging web-based applications:
We will die if the database is not currently connected and we fail to find a working connection.
Class | Description |
---|---|
![]() |
The PgQuery Class. |
Replaces PostgreSQL query with escaped parameters in preparation for execution.
The function takes a variable number of arguments, the first is the SQL string, with replaceable '?' characters (a la DBI). The subsequent parameters being the values to replace into the SQL string.
The values passed to the routine are analyzed for type, and quoted if they appear to need quoting. This can go wrong for (e.g.) NULL or other special SQL values which are not straightforwardly identifiable as needing quoting (or not). In such cases the parameter can be forced to be inserted unquoted by passing it as "array( 'plain' => $param )".
This function is outside the PgQuery class because it is sometimes desirable to build SQL command strings in circumstances where there is no benefit to using the class.
Clean a string of many suspicious characters
While this is a fairly aggressive approach, it applies in many circumstances where various strings should not contain things that might screw up (e.g.) filesystem semantics. Although not strictly a PgQuery function it's here for the time being until I invent a new "generally useful functions" include.
Connect to the database defined in the $c->dbconn[] array
A duration (in decimal seconds) between two times which are the result of calls to microtime()
This simple function is used by the PgQuery class because the microtime function doesn't return a decimal time, so a simple subtraction is not sufficient.
Quote the given string (depending on its type) so that it can be used safely in a PostgreSQL query without fear of SQL injection errors.
Although this function effectively achieves a similar goal to the pg_escape_string() function, it is needed for older versions of PHP (< 4.2.0) and older versions of PostgreSQL (< 7.2.0), however. PgQuery does not attempt to use the newer pg_escape_string() function at this stage.
This function is outside the PgQuery class because it is sometimes desirable to quote values for SQL command strings in circumstances where there is no benefit to using the class.
Documentation generated on Fri, 13 Jan 2012 23:40:17 +1300 by phpDocumentor 1.4.3