Newbie Question-Quoting SQL

I have some old forms that I used for MySQL a few years ago, and I'm
trying to use the with postgres, but I keep on getting a message that
the query failed.

The connection string seems to be okay:

$link = pg_connect("host=localhost port=5432 dbname=toms_stuff
user=postgres password=********");

The query string, however, seems to be messed up.

$result = pg_query ($link, "Select * from Author");
if (!$result) {
echo "Query failed.\n";
exit;
}

I assume the fault is in how the Select statement is quoted, but I
can't see what I'm doing wrong.

Any suggestions will be appreciated. Also can anyone give me a general
idea of the rules for quoting postgreSQL in PHP?

Thanks for any help you can give.

Tom Hart

--
Sent via pgsql-php mailing list (pgsql-php@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-php

Re: Newbie Question-Quoting SQL

On Monday 27. April 2009, Thomas Hart wrote:

> $result = pg_query ($link, "Select * from Author");

If the table really is named "Author" with a capital A, you'll need to
quote it, because postgres will fold it to lowercase otherwise.
--
Leif Biberg Kristensen | Registered Linux User #338009
Me And My Database: http://solumslekt.org/blog/

--
Sent via pgsql-php mailing list (pgsql-php@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-php

Re: Newbie Question-Quoting SQL

On Mon, 2009-04-27 at 15:56 -0400, Thomas Hart wrote:
> I have some old forms that I used for MySQL a few years ago, and I'm
> trying to use the with postgres, but I keep on getting a message that
> the query failed.
>
> The connection string seems to be okay:
>
> $link = pg_connect("host=localhost port=5432 dbname=toms_stuff
> user=postgres password=********");
>
> The query string, however, seems to be messed up.
>
> $result = pg_query ($link, "Select * from Author");
> if (!$result) {
> echo "Query failed.\n";
> exit;
> }
>
> I assume the fault is in how the Select statement is quoted, but I
> can't see what I'm doing wrong.
>
> Any suggestions will be appreciated. Also can anyone give me a general
> idea of the rules for quoting postgreSQL in PHP?

They don't apply so much to PHP, as to PostgreSQL which follows the SQL
standard for quoting. Identifiers should be quoted with " and character
strings should be quoted with '.

And then within PHP if you want to have " in a string it should be
escaped like:

"SELECT * FROM \"Author\""
or
'SELECT * FROM "Author"'

or, in the case of using a keyword as a column name:

'select "DATE" from mytable'

You can also escape characters in the PostgreSQL string, using \, but of
course the \ itself may need to be escaped in PHP...

In this string the ' is backslashed to PostgreSQL:

"INSERT INTO \"Author\" (name) VALUES( E'O\\'Connor' )"

Note that the PostgreSQL string needs to be preceded by an "E" if it has
escapes in it (in recent versions of PostgreSQL, at least).


All of this should be in the PostgreSQL manual:

http://www.postgresql.org/docs/8.4/static/sql-syntax-lexical .html#SQL-SYNTAX-IDENTIFIERS


Cheers,
Andrew McMillan.

------------------------------------------------------------ ------------
andrew (AT) morphoss (DOT) com +64(272)DEBIAN
Building more free and open source software for New Zealanders
------------------------------------------------------------ ------------



--
Sent via pgsql-php mailing list (pgsql-php@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-php