ansaurus

Question

Answer 1

+1 A:

Use the pg_last_error() function to get a more detailed error message like this:

    if (!$insert) {
      echo "An error occured.\n";
      echo pg_last_error($conn);
      exit;
    }

Nev Stokes 2010-09-09 08:40:07

when i enable i got this message ..ERROR: syntax error at or near "`" at character 13

Ajay_kumar 2010-09-09 08:49:37

Answer 2

+1 A:

Insert into `advertiser_regidetdir`

Backticks are a MySQL quoting feature that is not part of standard ANSI SQL and not available in other databases. The ANSI syntax for quoting a schema name is double quotes.

It is unfortunate that MySQL interprets double quotes as a synonym for single quotes. If you want to write code that is portable across MySQL and other DBMSs, you'll need to either:

use double-quotes for schema names throughout, and on MySQL turn on the sql_mode ANSI_QUOTES feature in order to make it comply with the standard, or
avoid quoting schema names altogether. This requires general knowledge of what keywords exist in different DBMSs so you can avoid those words, but certainly advertiser_regidetdir is not a keyword in any DBMS so is quite valid without the quotes.

.

values('$user','$domain','$email','$pubkey','$pritekey',0)

Unless you have already pg_escape_stringed those values, that's a bit old load of SQL injection security horror.

Consider parameterised queries, especially as with the pg module you get pg_query_params which makes it really easy.

bobince 2010-09-09 08:48:04

i have removed "`" character from the query.I am getting error "ERROR: relation "advertiser_regidetdir" does not exist"

Ajay_kumar 2010-09-09 09:04:37

Well, yeah, that's what the error says it is. The database you've connected to has no table with that name. Check what tables do exist.

bobince 2010-09-09 09:10:29

Answer 3

A:

Use pg_query_params() to avoid SQL injection and don't use backticks `, these have nothing to do with SQL:

<?php
$dbhost='localhost';
$dbuser='dbuser';
$dbpass='dbpass';
$dbname='dbname';

$conn = pg_connect('host='.$dbhost.' dbname='.$dbname.' user='.$dbuser.' password='.$dbpass); 

if (!$conn) {
  echo "An error occured.\n";
  exit;
}else{
echo "connection occured";
}
echo $conn;

$query = '
    INSERT INTO advertiser_regidetdir
        (user_name,domain_name,user_email,publickey,privatekey, refresh_count )
    VALUES($1, $2, $3, $4, $5, 0)'; // 5 placeholders

$insert = pg_query_params(
            $conn,
            $query,
            array($user, $domain, $email, $pubkey, $pritekey) // array with values
            );

if (!$insert) {
    echo "An error occured.\n";
    exit;
}
?>

Frank Heikens 2010-09-09 09:42:23

thanks this is solved now.

Ajay_kumar 2010-09-09 10:11:15

@Ajay then please mark the answer that helped you most as the accepted answer.

Pekka 2010-09-09 11:52:53

ansaurus

tags:

views:

answers:

getting problem in pg_query execution

related questions