php-doc-en/reference/pgsql/functions/pg-delete.xml

<?xml version="1.0" encoding="utf-8"?>
<!-- $Revision$ -->
<refentry xml:id="function.pg-delete" xmlns="http://docbook.org/ns/docbook">
 <refnamediv>
  <refname>pg_delete</refname>
  <refpurpose>
   Deletes records
  </refpurpose>
 </refnamediv>

 <refsect1 role="description">
  &reftitle.description;
  <methodsynopsis>
   <type class="union"><type>string</type><type>bool</type></type><methodname>pg_delete</methodname>
   <methodparam><type>PgSql\Connection</type><parameter>connection</parameter></methodparam>
   <methodparam><type>string</type><parameter>table_name</parameter></methodparam>
   <methodparam><type>array</type><parameter>conditions</parameter></methodparam>
   <methodparam choice="opt"><type>int</type><parameter>flags</parameter><initializer><constant>PGSQL_DML_EXEC</constant></initializer></methodparam>
  </methodsynopsis>
  <para>
   <function>pg_delete</function> deletes records from a table
   specified by the keys and values in <parameter>conditions</parameter>.
  </para>
  <para>
   If <parameter>flags</parameter> is specified,
   <function>pg_convert</function> is applied to
   <parameter>conditions</parameter> with the specified flags.
  </para>
  <para>
   By default <function>pg_delete</function> passes raw values.
   Values must be escaped or the <constant>PGSQL_DML_ESCAPE</constant> flag
   must be specified in <parameter>flags</parameter>.
   <constant>PGSQL_DML_ESCAPE</constant> quotes and escapes parameters/identifiers.
   Therefore, table/column names become case sensitive.
  </para>
  <para>
   Note that neither escape nor prepared query can protect LIKE query,
   JSON, Array, Regex, etc. These parameters should be handled
   according to their contexts. i.e. Escape/validate values.
  </para>
 </refsect1>

<refsect1 role="parameters">
  &reftitle.parameters;
  <para>
   <variablelist>
    <varlistentry>
     <term><parameter>connection</parameter></term>
     <listitem>
      &pgsql.parameter.connection;
     </listitem>
    </varlistentry>
    <varlistentry>
     <term><parameter>table_name</parameter></term>
     <listitem>
      <para>
       Name of the table from which to delete rows.
      </para>
     </listitem>
    </varlistentry>
    <varlistentry>
     <term><parameter>conditions</parameter></term>
     <listitem>
      <para>
       An <type>array</type> whose keys are field names in the table <parameter>table_name</parameter>,
       and whose values are the values of those fields that are to be deleted.
      </para>
     </listitem>
    </varlistentry>
    <varlistentry>
     <term><parameter>flags</parameter></term>
     <listitem>
      <para>
       Any number of <constant>PGSQL_CONV_FORCE_NULL</constant>,
       <constant>PGSQL_DML_NO_CONV</constant>,
       <constant>PGSQL_DML_ESCAPE</constant>,
       <constant>PGSQL_DML_EXEC</constant>,
       <constant>PGSQL_DML_ASYNC</constant> or
       <constant>PGSQL_DML_STRING</constant> combined. If <constant>PGSQL_DML_STRING</constant> is part of the
       <parameter>flags</parameter> then query string is returned. When <constant>PGSQL_DML_NO_CONV</constant>
       or <constant>PGSQL_DML_ESCAPE</constant> is set, it does not call <function>pg_convert</function> internally.
      </para>
     </listitem>
    </varlistentry>
   </variablelist>
  </para>
 </refsect1>

 <refsect1 role="returnvalues">
  &reftitle.returnvalues;
  <para>
   &return.success;  Returns <type>string</type> if <constant>PGSQL_DML_STRING</constant> is passed
   via <parameter>flags</parameter>.
  </para>
 </refsect1>

 <refsect1 role="changelog">
  &reftitle.changelog;
  <informaltable>
   <tgroup cols="2">
    <thead>
     <row>
      <entry>&Version;</entry>
      <entry>&Description;</entry>
     </row>
    </thead>
    <tbody>
     &pgsql.changelog.connection-object;
    </tbody>
   </tgroup>
  </informaltable>
 </refsect1>
 
 <refsect1 role="examples">
  &reftitle.examples;
  <para>
   <example>
    <title><function>pg_delete</function> example</title>
    <programlisting role="php">
<![CDATA[
<?php 
  $db = pg_connect('dbname=foo');
  // This is safe somewhat, since all values are escaped.
  // However PostgreSQL supports JSON/Array. These are not
  // safe by neither escape nor prepared query.
  $res = pg_delete($db, 'post_log', $_POST, PG_DML_ESCAPE);
  if ($res) {
      echo "POST data is deleted: $res\n";
  } else {
      echo "User must have sent wrong inputs\n";
  }
?>
]]>
    </programlisting>
   </example>
  </para>
 </refsect1>

 <refsect1 role="seealso">
  &reftitle.seealso;
  <para>
   <simplelist>
    <member><function>pg_convert</function></member>
   </simplelist>
  </para>
 </refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->