<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <title>Escape a string for query</title> </head> <body><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="function.pg-escape-literal.html">pg_escape_literal</a></div> <div class="next" style="text-align: right; float: right;"><a href="function.pg-execute.html">pg_execute</a></div> <div class="up"><a href="ref.pgsql.html">PostgreSQL Functions</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div><hr /><div id="function.pg-escape-string" class="refentry"> <div class="refnamediv"> <h1 class="refname">pg_escape_string</h1> <p class="verinfo">(PHP 4 >= 4.2.0, PHP 5)</p><p class="refpurpose"><span class="refname">pg_escape_string</span> — <span class="dc-title"> Escape a string for query </span></p> </div> <div class="refsect1 description" id="refsect1-function.pg-escape-string-description"> <h3 class="title">Description</h3> <div class="methodsynopsis dc-description"> <span class="type">string</span> <span class="methodname"><strong>pg_escape_string</strong></span> ([ <span class="methodparam"><span class="type">resource</span> <code class="parameter">$connection</code></span> ], <span class="methodparam"><span class="type">string</span> <code class="parameter">$data</code></span> )</div> <p class="para rdfs-comment"> <span class="function"><strong>pg_escape_string()</strong></span> escapes a string for querying the database. It returns an escaped string in the PostgreSQL format without quotes. <span class="function"><a href="function.pg-escape-literal.html" class="function">pg_escape_literal()</a></span> is more preferred way to escape SQL parameters for PostgreSQL. <span class="function"><a href="function.addslashes.html" class="function">addslashes()</a></span> must not be used with PostgreSQL. If the type of the column is bytea, <span class="function"><a href="function.pg-escape-bytea.html" class="function">pg_escape_bytea()</a></span> must be used instead. <span class="function"><a href="function.pg-escape-identifier.html" class="function">pg_escape_identifier()</a></span> must be used to escape identifiers (e.g. table names, field names) </p> <blockquote class="note"><p><strong class="note">Note</strong>: <p class="para"> This function requires PostgreSQL 7.2 or later. </p> </p></blockquote> </div> <div class="refsect1 parameters" id="refsect1-function.pg-escape-string-parameters"> <h3 class="title">Parameters</h3> <p class="para"> <dl> <dt> <span class="term"><em><code class="parameter">connection</code></em></span> <dd> <p class="para"> PostgreSQL database connection resource. When <em><code class="parameter">connection</code></em> is not present, the default connection is used. The default connection is the last connection made by <span class="function"><a href="function.pg-connect.html" class="function">pg_connect()</a></span> or <span class="function"><a href="function.pg-pconnect.html" class="function">pg_pconnect()</a></span>. </p> </dd> </dt> <dt> <span class="term"><em><code class="parameter">data</code></em></span> <dd> <p class="para"> A <span class="type"><a href="language.types.string.html" class="type string">string</a></span> containing text to be escaped. </p> </dd> </dt> </dl> </p> </div> <div class="refsect1 returnvalues" id="refsect1-function.pg-escape-string-returnvalues"> <h3 class="title">Return Values</h3> <p class="para"> A <span class="type"><a href="language.types.string.html" class="type string">string</a></span> containing the escaped data. </p> </div> <div class="refsect1 changelog" id="refsect1-function.pg-escape-string-changelog"> <h3 class="title">Changelog</h3> <p class="para"> <table class="doctable informaltable"> <thead> <tr> <th>Version</th> <th>Description</th> </tr> </thead> <tbody class="tbody"> <tr> <td>5.2.0</td> <td><em><code class="parameter">connection</code></em> added</td> </tr> </tbody> </table> </p> </div> <div class="refsect1 examples" id="refsect1-function.pg-escape-string-examples"> <h3 class="title">Examples</h3> <p class="para"> <div class="example" id="example-2062"> <p><strong>Example #1 <span class="function"><strong>pg_escape_string()</strong></span> example</strong></p> <div class="example-contents"> <div class="phpcode"><code><span style="color: #000000"> <span style="color: #0000BB"><?php <br /> </span><span style="color: #FF8000">// Connect to the database<br /> </span><span style="color: #0000BB">$dbconn </span><span style="color: #007700">= </span><span style="color: #0000BB">pg_connect</span><span style="color: #007700">(</span><span style="color: #DD0000">'dbname=foo'</span><span style="color: #007700">);<br /> <br /> </span><span style="color: #FF8000">// Read in a text file (containing apostrophes and backslashes)<br /> </span><span style="color: #0000BB">$data </span><span style="color: #007700">= </span><span style="color: #0000BB">file_get_contents</span><span style="color: #007700">(</span><span style="color: #DD0000">'letter.txt'</span><span style="color: #007700">);<br /> <br /> </span><span style="color: #FF8000">// Escape the text data<br /> </span><span style="color: #0000BB">$escaped </span><span style="color: #007700">= </span><span style="color: #0000BB">pg_escape_string</span><span style="color: #007700">(</span><span style="color: #0000BB">$data</span><span style="color: #007700">);<br /> <br /> </span><span style="color: #FF8000">// Insert it into the database<br /> </span><span style="color: #0000BB">pg_query</span><span style="color: #007700">(</span><span style="color: #DD0000">"INSERT INTO correspondence (name, data) VALUES ('My letter', '</span><span style="color: #007700">{</span><span style="color: #0000BB">$escaped</span><span style="color: #007700">}</span><span style="color: #DD0000">')"</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">?></span> </span> </code></div> </div> </div> </p> </div> <div class="refsect1 seealso" id="refsect1-function.pg-escape-string-seealso"> <h3 class="title">See Also</h3> <p class="para"> <ul class="simplelist"> <li class="member"> <span class="function"><a href="function.pg-escape-bytea.html" class="function" rel="rdfs-seeAlso">pg_escape_bytea()</a> - Escape a string for insertion into a bytea field</span></li> </ul> </p> </div> </div><hr /><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="function.pg-escape-literal.html">pg_escape_literal</a></div> <div class="next" style="text-align: right; float: right;"><a href="function.pg-execute.html">pg_execute</a></div> <div class="up"><a href="ref.pgsql.html">PostgreSQL Functions</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div></body></html>