trevor1940
asked on
PHP: query a PostgreSQL database
Hi
I'm running PHP version 5.3.5 on a standalone (no internet) Fedora 12.
I need to build a search web page to query a PostgreSQL database. I can't use PDO because the driver is missing.
pg_connect works, so how do I write a select query that can take 1 or more user parameters from a front end form and loop through the results?
At this stage I'm just trying to work out how to query the database safely, e.g. bind the user parameters to prevent SQL injection.
I get an SQL syntax error on the where clause. I think the array isn't being passed into $1.
syntax error at or near "," line XX: name like $1 , array("Trevor%")
<?php
error_reporting(E_ALL);
// Connect to a database named "mary"
$dbconn = pg_connect("dbname=mary") or die("Cannot connect ". pg_last_error()) ;
$name = "Trevor%"; // simulate $_POST
$SQL = <<<SQL
Select name,age,address from my_table where name like $1" , array("$name"));
SQL;
// actual query is over multi lines
$results= pg_query($SQL) or die("Cannot connect ". pg_last_error()) ;
if($results){
// loop through results building HTML
while($row = pg_fetch_array($results, NULL, PGSQL_ASSOC)){
echo "<p>Name:" . $row['name'] . "age: " .$row['age'] . "address:" . $row['address'] . "</p>";
}
}// end if results
else{
echo "<p>No Data </p>";
}
ASKER
I worked it out by using pg_execute() http://php.net/manual/en/function.pg-execute.php
Thanx
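
Added example, not part of the original thread: one way to bind one or more optional search fields with pg_prepare()/pg_execute() on PHP 5.3, keeping the SQL text and the user values separate. The table and column names come from the question; the form field names, the build_search() helper and the prefix-match behaviour are assumptions.

```php
<?php
// Build a WHERE clause with numbered placeholders ($1, $2, ...) from whichever
// fields were submitted. build_search() is a hypothetical helper for this example.
// Only column names from this fixed whitelist ever reach the SQL text.
function build_search(array $input)
{
    $columns = array('name' => 'LIKE', 'address' => 'LIKE', 'age' => '=');
    $where  = array();
    $params = array();
    foreach ($columns as $col => $op) {
        if (!isset($input[$col]) || $input[$col] === '') {
            continue; // field not supplied: no condition, no parameter
        }
        $value = (string) $input[$col];
        if ($op === 'LIKE') {
            // Escape LIKE metacharacters typed by the user, then add a prefix wildcard.
            $value = addcslashes($value, '\\%_') . '%';
        }
        $params[] = $value;
        $where[]  = $col . ' ' . $op . ' $' . count($params);
    }
    $sql = 'SELECT name, age, address FROM my_table';
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    return array($sql . ' ORDER BY name', $params);
}

$dbconn = pg_connect('dbname=mary') or die('Cannot connect');
list($sql, $params) = build_search($_POST);

// Values are sent alongside the statement, never spliced into $sql.
// pg_query_params($dbconn, $sql, $params) is the one-step equivalent.
if (!pg_prepare($dbconn, '', $sql)
    || ($result = pg_execute($dbconn, '', $params)) === false) {
    error_log(pg_last_error($dbconn)); // keep DB errors out of the page
    die('Query failed');
}
if (pg_num_rows($result) === 0) {
    echo '<p>No Data</p>';
}
while ($row = pg_fetch_assoc($result)) {
    // Escape on output so stored values cannot inject HTML.
    printf("<p>Name: %s age: %s address: %s</p>\n",
        htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($row['age'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($row['address'], ENT_QUOTES, 'UTF-8'));
}
```

The syntax error in the question comes from placing `array(...)` inside the SQL string itself; the parameter array has to be a separate PHP argument, as it is here.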