Sending SQL to PostgreSQL
The function pg_query() sends SQL to the PostgreSQL installation. Again, escaping potentially dangerous characters such as single quotes is a must, because unescaped form input becomes part of the SQL statement itself; this can be done with the pg_escape_string() function. In this code, you see the PHP portion of the script that accepts funny (or not-so-funny) phrases in an HTML form and writes them to the database.
Sending SQL to PostgreSQL (pg_query.php; excerpt)
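<?php
  // Connect; @ suppresses the PHP warning so only our own message is shown.
  if ($db = @pg_connect('host=localhost port=5432
      dbname=phrasebook user=postgres
      password=abc123')) {
    require_once 'stripFormSlashes.inc.php';
    // Escape the string values against this connection and force the
    // year to an integer before they are placed into the SQL text.
    pg_query($db, sprintf(
      'INSERT INTO quotes (quote, author, year)
        VALUES (\'%s\', \'%s\', \'%s\')',
      pg_escape_string($db, $_POST['quote']),
      pg_escape_string($db, $_POST['author']),
      intval($_POST['year'])));
    echo 'Quote saved.';
    pg_close($db);
  } else {
    echo 'Connection failed.';
  }
?>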
Retrieving the value in the identity column after the last INSERT statement is a bit tricky. The PostgreSQL term for such a data type is SERIAL, which automatically creates a sequence. To get the sequence's value, you can use pg_last_oid() to retrieve the oid (object id) of this value. Then, execute a SELECT id FROM quotes WHERE oid=<oid>, where <oid> is the oid you just retrieved. This finally returns the desired value.
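The insert from the listing and the identity lookup described above, combined into one statement (an added example, not code from the original page). It goes beyond the text by binding the values with pg_query_params() instead of escaping them and by reading the new id with INSERT ... RETURNING; it assumes PostgreSQL 8.2 or later and that the SERIAL column is named id, and saveQuote() is a hypothetical helper name.

```php
<?php
// Added example: the listing's INSERT with bound parameters, plus
// RETURNING to read the generated id in the same round trip.
// Assumptions: quotes.id is the SERIAL column; saveQuote() is hypothetical.

function saveQuote($db, string $quote, string $author, $year): ?int
{
    // Reject a non-numeric year instead of silently coercing it to 0.
    $year = filter_var($year, FILTER_VALIDATE_INT);
    if ($year === false) {
        return null;
    }

    // $1..$3 travel separately from the SQL text, so quotes in the
    // form input can never change the structure of the statement.
    $result = pg_query_params(
        $db,
        'INSERT INTO quotes (quote, author, year)
         VALUES ($1, $2, $3)
         RETURNING id',
        [$quote, $author, $year]
    );
    if ($result === false) {
        return null;
    }

    // RETURNING yields one row holding the value the sequence assigned.
    $row = pg_fetch_row($result);
    pg_free_result($result);
    return $row === false ? null : (int) $row[0];
}

// Connection values are the ones used in the listing above.
$db = @pg_connect('host=localhost port=5432 dbname=phrasebook user=postgres password=abc123');
if ($db === false) {
    exit('Connection failed.');
}

$id = saveQuote($db, $_POST['quote'] ?? '', $_POST['author'] ?? '', $_POST['year'] ?? '');
echo $id === null ? 'Quote not saved.' : 'Quote saved with id ' . $id . '.';
pg_close($db);
```

Unlike the oid lookup, this does not depend on the table having been created with OIDs, which PostgreSQL 12 removed.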