From d74d18bfd2d03bc8cc8a44de31e0681696eaef55 Mon Sep 17 00:00:00 2001 From: Yasuo Ohgaki Date: Fri, 25 Nov 2011 04:25:08 +0000 Subject: [PATCH] add pg_escape_literal() and pg_escape_identifier() git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@319799 c90b9560-bf6c-de11-be94-00142212c4b1 --- .../pgsql/functions/pg-escape-identifier.xml | 152 +++++++++++++++++ .../pgsql/functions/pg-escape-literal.xml | 153 ++++++++++++++++++ .../pgsql/functions/pg-escape-string.xml | 17 +- 3 files changed, 315 insertions(+), 7 deletions(-) create mode 100644 reference/pgsql/functions/pg-escape-identifier.xml create mode 100644 reference/pgsql/functions/pg-escape-literal.xml diff --git a/reference/pgsql/functions/pg-escape-identifier.xml b/reference/pgsql/functions/pg-escape-identifier.xml new file mode 100644 index 0000000000..fa176d3d2a --- /dev/null +++ b/reference/pgsql/functions/pg-escape-identifier.xml @@ -0,0 +1,152 @@ + + + + + + pg_escape_identifier + + Escape a identifier for insertion into a text field + + + + + &reftitle.description; + + stringpg_escape_identifier + resourceconnection + stringdata + + + pg_escape_identifier escapes a identifier + (e.g. table, field names) for quering the database. It returns an + escaped identifier string for PostgreSQL + server. pg_escape_identifier adds double + quotes before and after data. Users should not add double + quotes. Use of this function is recommended for identifier + parameters in query. For SQL literals (i.e. parameters except + bytea), pg_escape_literal + or pg_escape_string muse be used. For bytea + type fields, pg_escape_bytea must be used + instead. + + + + This function has internal escape code and can also be used with + PostgreSQL 8.4 or less. + + + + + + &reftitle.parameters; + + + + connection + + + PostgreSQL database connection resource. When + connection is not present, the default connection + is used. The default connection is the last connection made by + pg_connect or pg_pconnect. + + + + + data + + + A string containing text to be escaped. + + + + + + + + + &reftitle.returnvalues; + + A string containing the escaped data. + + + + + + + &reftitle.examples; + + + <function>pg_escape_identifier</function> example + + +]]> + + + + + + + &reftitle.seealso; + + + pg_escape_literal + pg_escape_bytea + pg_escape_string + + + + + + diff --git a/reference/pgsql/functions/pg-escape-literal.xml b/reference/pgsql/functions/pg-escape-literal.xml new file mode 100644 index 0000000000..1520a70984 --- /dev/null +++ b/reference/pgsql/functions/pg-escape-literal.xml @@ -0,0 +1,153 @@ + + + + + + pg_escape_literal + + Escape a literal for insertion into a text field + + + + + &reftitle.description; + + stringpg_escape_literal + resourceconnection + stringdata + + + pg_escape_literal escapes a literal for + querying the PostgreSQL database. It returns an escaped literal in + the PostgreSQL format. pg_escape_literal adds + quotes before and after data. Users should not add quotes. Use of + this function is recommended instead + of pg_escape_string. If the type of the + column is bytea, pg_escape_bytea must be used + instead. For escaping identifiers (e.g. table, field + names), pg_escape_identifier must be used. + + + + This function has internal escape code and can also be used with + PostgreSQL 8.4 or less. + + + + + + &reftitle.parameters; + + + + connection + + + PostgreSQL database connection resource. When + connection is not present, the default connection + is used. The default connection is the last connection made by + pg_connect or pg_pconnect. + + + + + data + + + A string containing text to be escaped. + + + + + + + + + &reftitle.returnvalues; + + A string containing the escaped data. + + + + + + + &reftitle.examples; + + + <function>pg_escape_literal</function> example + + +]]> + + + + + + + &reftitle.seealso; + + + pg_escape_identifier + pg_escape_bytea + pg_escape_string + + + + + + diff --git a/reference/pgsql/functions/pg-escape-string.xml b/reference/pgsql/functions/pg-escape-string.xml index 8f05512f0f..f06bdfeff1 100644 --- a/reference/pgsql/functions/pg-escape-string.xml +++ b/reference/pgsql/functions/pg-escape-string.xml @@ -5,7 +5,7 @@ pg_escape_string - Escape a string for insertion into a text field + Escape a string for query @@ -17,12 +17,15 @@ stringdata - pg_escape_string escapes a string for - insertion into the database. It returns an escaped string in the - PostgreSQL format. Use of this function is recommended instead of - addslashes. If the type of the column - is bytea, pg_escape_bytea must be used - instead. + pg_escape_string escapes a string for querying + the database. It returns an escaped string in the PostgreSQL + format without quotes. pg_escape_literal is + more preffered way to escape SQL parameters for PostgreSQL. + addslashes must not be used with PostgreSQL. + If the type of the column is + bytea, pg_escape_bytea must be used + instead. pg_escape_identifier must be used to + escape identifiers (e.g. table names, field names)