tags:

views:

25

answers:

2
Q: 

Is there any way to send more than one postgresql sql prepared statement in one call in php?

Is there any way to execute more sql prepared statements at once? Or at least use something to achieve this result, can it be emulated with transactions?

pg_send_query can execute more statements (from php docs "The SQL statement or statements to be executed.") but pg_send_execute and pg_send_prepare can work only with one statement.

The query parameter has the following description

"The parameterized SQL statement. Must contain only a single statement. (multiple statements separated by semi-colons are not allowed.) If any parameters are used, they are referred to as $1, $2, etc."

from http://www.php.net/manual/en/function.pg-send-prepare.php

Is there any way to send more statements at once to make less roundtrips between php and postgresql like the pg_send_query does?

I don't want to use pg_send_query because without parameter binding I can have sql injection vulnerabilities in my code.

A: 

Separate your queries by semicolon:

UPDATE customers SET last_name = 'foo' WHERE id = 1;UPDATE customers SET last_name = 'bar' WHERE id = 2;

Edit: Okay you cannot do this on the call side:

The parameterized SQL statement. Must contain only a single statement. (multiple statements separated by semi-colons are not allowed.)

Another way would be to call a stored procedure with this method and this SP issues multiple statements.

Maxem  2010-10-14 21:54:38
I don't want to concatenate parameters to the query, I want to bind them to a prepared stament like this UPDATE customers SET last_name = $1 WHERE id = $2;Next statement;Another statement; in order to avoid sql injection.
codeassembly  2010-10-14 21:56:42
can I make a generic stored procedure than can accept a string containing multiple statements separated with semicolons and a variable number of parameters representing the statements parameters? It sounds like a very big hack and I think that even if possible it will have lots of unwanted side effects :)
codeassembly  2010-10-14 22:03:34
Sorry but I don't know php well enough to help you further, but I'd stay away from generic stored procedures.
Maxem  2010-10-14 22:05:50
Should php not provide a way to do what you want, create a stored procedure for every use case you have (update customer 1 and 2 on condition A, update product 1 to 232 if on condition B etc.)
Maxem  2010-10-14 22:07:50
That seems a lot of work, I need something simple and elegant, performance is not that important, if I can achieve it in a simple way fine but if I have to work hard and waste time then is ok to send the queries one by one and use that time to do something more useful.
codeassembly  2010-10-14 22:15:30
A: 

The round trips to the DB server shouldn't be your bottleneck as long as you are (a) using persistent connections (either directly or via a pool) and (b) aren't suffering from the "n+1 selects" problem.

New connections have an order of magnitude overhead which slows things down if done on every query. The n+1 problem results in generating far more trips than is really needed if the application retrieved (or acted upon) sets of related rows rather than doing all operations one at a time.

See: What is the n+1 selects problem?

Matthew Wood  2010-10-15 15:45:10

related questions

What language do you use for Postgresql triggers and stored procedures?
Are Multiple DataContext classes ever appropriate?
Which tools do people use to create Data Dictionaries?
Any experiences with Protocol Buffers?
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
How do I index a database field
How does database indexing work?
How do I connect to a database and loop over a recordset in C#?
Editing database records by multiple users
Object Oriented vs Relational Databases
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
Embedded Database for .net that can run off a network
Connect PHP to an AS/400
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
.NET Migrations Engine
Is there a version control system for database structure changes?
SQLite and XSD
How do I version my MS SQL database in SVN?
XSD DataSets and ignoring foreign keys
Flat File Databases in PHP
Throw Error In MySQL Trigger
Binary Data in MySQL