Escape a literal for insertion into a text field

pg_escape_literal

(PHP 5 >= 5.4.4, PHP 7, PHP 8)

pg_escape_literal Escape a literal for insertion into a text field

說明

pg_escape_literal(PgSql\Connection $connection = ?, string $data): string

pg_escape_literal() escapes a literal for querying the PostgreSQL database. It returns an escaped literal in the PostgreSQL format. pg_escape_literal() adds quotes before and after data. Users should not add quotes. Use of this function is recommended instead of pg_escape_string(). If the type of the column is bytea, pg_escape_bytea() must be used instead. For escaping identifiers (e.g. table, field names), pg_escape_identifier() must be used.

注意:

This function has internal escape code and can also be used with PostgreSQL 8.4 or less.

參數

connection

An PgSql\Connection instance. When connection is unspecified, the default connection is used. The default connection is the last connection made by pg_connect() or pg_pconnect().

警告

As of PHP 8.1.0, using the default connection is deprecated.

data

A string containing text to be escaped.

返回值

A string containing the escaped data.

更新日誌

版本 說明
8.1.0 現在 connection 參數接受 PgSql\Connection 實例,之前接受 資源(resource)

範例

示例 #1 pg_escape_literal() example

<?php 
  
// Connect to the database
  
$dbconn pg_connect('dbname=foo');
  
  
// Read in a text file (containing apostrophes and backslashes)
  
$data file_get_contents('letter.txt');
  
  
// Escape the text data
  
$escaped pg_escape_literal($data);
  
  
// Insert it into the database. Note that no quotes around {$escaped}
  
pg_query("INSERT INTO correspondence (name, data) VALUES ('My letter', {$escaped})");
?>

參見

發佈留言

發佈留言必須填寫的電子郵件地址不會公開。 必填欄位標示為 *