Php postgresql prepared statement

pg_prepare

pg_prepare — Отправляет SQL запрос, и ожидает завершения.

Описание

resource pg_prepare ( resource connection, string stmtname, string query )
resource pg_prepare ( string stmtname, string query )

pg_prepare() creates a prepared statement for later execution with pg_execute() or pg_send_execute() . This feature allows commands that will be used repeatedly to be parsed and planned just once, rather than each time they are executed. pg_prepare() is supported only against PostgreSQL 7.4 or higher connections; it will fail when using earlier versions.

The function creates a prepared statement named stmtname from the query string, which must contain a single SQL command. stmtname may be «» to create an unnamed statement, in which case any pre-existing unnamed statement is automatically replaced; otherwise it is an error if the statement name is already defined in the current session. If any parameters are used, they are referred to in the query as $1, $2, etc.

Prepared statements for use with pg_prepare() can also be created by executing SQL PREPARE statements. (But pg_prepare() is more flexible since it does not require parameter types to be pre-specified.) Also, although there is no PHP function for deleting a prepared statement, the SQL DEALLOCATE statement can be used for that purpose.

Список параметров

PostgreSQL database connection resource. When connection is not present, the default connection is used. The default connection is the last connection made by pg_connect() or pg_pconnect() .

The name to give the prepared statement. Must be unique per-connection. If «» is specified, then an unnamed statement is created, overwriting any previously defined unnamed statement.

The parameterised SQL statement. Must contain only a single statement. (multiple statements separated by semi-colons are not allowed.) If any parameters are used, they are referred to as $1, $2, etc.

Возвращаемые значения

Ресурс результата запроса, или FALSE при ошибке.

Пример 1. Using pg_prepare()

// Connect to a database named "mary" $dbconn = pg_connect("dbname=mary"); // Prepare a query for execution $result = pg_prepare($dbconn, "my_query", 'SELECT * FROM shops WHERE name = $1'); // Execute the prepared query. Note that it is not necessary to escape // the string "Joe's Widgets" in any way $result = pg_execute($dbconn, "my_query", array("Joe's Widgets")); // Execute the same prepared query, this time with a different parameter $result = pg_execute($dbconn, "my_query", array("Clothes Clothes Clothes"));

Источник

pg_send_prepare

Sends a request to create a prepared statement with the given parameters, without waiting for completion.

This is an asynchronous version of pg_prepare() : it returns true if it was able to dispatch the request, and false if not. After a successful call, call pg_get_result() to determine whether the server successfully created the prepared statement. The function’s parameters are handled identically to pg_prepare() . Like pg_prepare() , it will not work on pre-7.4 versions of PostgreSQL.

Parameters

The name to give the prepared statement. Must be unique per-connection. If «» is specified, then an unnamed statement is created, overwriting any previously defined unnamed statement.

The parameterized SQL statement. Must contain only a single statement. (multiple statements separated by semi-colons are not allowed.) If any parameters are used, they are referred to as $1, $2, etc.

Return Values

Returns true on success, false or 0 on failure. Use pg_get_result() to determine the query result.

Changelog

Version	Description
8.1.0	The connection parameter expects an PgSql\Connection instance now; previously, a resource was expected.

Examples

Example #1 Using pg_send_prepare()

$dbconn = pg_connect ( «dbname=publisher» ) or die( «Could not connect» );

// Prepare a query for execution
if (! pg_connection_busy ( $dbconn )) pg_send_prepare ( $dbconn , «my_query» , ‘SELECT * FROM shops WHERE name = $1’ );
$res1 = pg_get_result ( $dbconn );
>

// Execute the prepared query. Note that it is not necessary to escape
// the string «Joe’s Widgets» in any way
if (! pg_connection_busy ( $dbconn )) pg_send_execute ( $dbconn , «my_query» , array( «Joe’s Widgets» ));
$res2 = pg_get_result ( $dbconn );
>

// Execute the same prepared query, this time with a different parameter
if (! pg_connection_busy ( $dbconn )) pg_send_execute ( $dbconn , «my_query» , array( «Clothes Clothes Clothes» ));
$res3 = pg_get_result ( $dbconn );
>

See Also

• pg_connect() — Open a PostgreSQL connection
• pg_pconnect() — Open a persistent PostgreSQL connection
• pg_execute() — Sends a request to execute a prepared statement with given parameters, and waits for the result
• pg_send_execute() — Sends a request to execute a prepared statement with given parameters, without waiting for the result(s)
• pg_send_query_params() — Submits a command and separate parameters to the server without waiting for the result(s)

User Contributed Notes

• PostgreSQL Functions
  • pg_​affected_​rows
  • pg_​cancel_​query
  • pg_​client_​encoding
  • pg_​close
  • pg_​connect_​poll
  • pg_​connect
  • pg_​connection_​busy
  • pg_​connection_​reset
  • pg_​connection_​status
  • pg_​consume_​input
  • pg_​convert
  • pg_​copy_​from
  • pg_​copy_​to
  • pg_​dbname
  • pg_​delete
  • pg_​end_​copy
  • pg_​escape_​bytea
  • pg_​escape_​identifier
  • pg_​escape_​literal
  • pg_​escape_​string
  • pg_​execute
  • pg_​fetch_​all_​columns
  • pg_​fetch_​all
  • pg_​fetch_​array
  • pg_​fetch_​assoc
  • pg_​fetch_​object
  • pg_​fetch_​result
  • pg_​fetch_​row
  • pg_​field_​is_​null
  • pg_​field_​name
  • pg_​field_​num
  • pg_​field_​prtlen
  • pg_​field_​size
  • pg_​field_​table
  • pg_​field_​type_​oid
  • pg_​field_​type
  • pg_​flush
  • pg_​free_​result
  • pg_​get_​notify
  • pg_​get_​pid
  • pg_​get_​result
  • pg_​host
  • pg_​insert
  • pg_​last_​error
  • pg_​last_​notice
  • pg_​last_​oid
  • pg_​lo_​close
  • pg_​lo_​create
  • pg_​lo_​export
  • pg_​lo_​import
  • pg_​lo_​open
  • pg_​lo_​read_​all
  • pg_​lo_​read
  • pg_​lo_​seek
  • pg_​lo_​tell
  • pg_​lo_​truncate
  • pg_​lo_​unlink
  • pg_​lo_​write
  • pg_​meta_​data
  • pg_​num_​fields
  • pg_​num_​rows
  • pg_​options
  • pg_​parameter_​status
  • pg_​pconnect
  • pg_​ping
  • pg_​port
  • pg_​prepare
  • pg_​put_​line
  • pg_​query_​params
  • pg_​query
  • pg_​result_​error_​field
  • pg_​result_​error
  • pg_​result_​seek
  • pg_​result_​status
  • pg_​select
  • pg_​send_​execute
  • pg_​send_​prepare
  • pg_​send_​query_​params
  • pg_​send_​query
  • pg_​set_​client_​encoding
  • pg_​set_​error_​verbosity
  • pg_​socket
  • pg_​trace
  • pg_​transaction_​status
  • pg_​tty
  • pg_​unescape_​bytea
  • pg_​untrace
  • pg_​update
  • pg_​version

  Источник

  pg_prepare

  pg_prepare() creates a prepared statement for later execution with pg_execute() or pg_send_execute() . This feature allows commands that will be used repeatedly to be parsed and planned just once, rather than each time they are executed. pg_prepare() is supported only against PostgreSQL 7.4 or higher connections; it will fail when using earlier versions.

  The function creates a prepared statement named stmtname from the query string, which must contain a single SQL command. stmtname may be «» to create an unnamed statement, in which case any pre-existing unnamed statement is automatically replaced; otherwise it is an error if the statement name is already defined in the current session. If any parameters are used, they are referred to in the query as $1, $2, etc.

  Prepared statements for use with pg_prepare() can also be created by executing SQL PREPARE statements. (But pg_prepare() is more flexible since it does not require parameter types to be pre-specified.) Also, although there is no PHP function for deleting a prepared statement, the SQL DEALLOCATE statement can be used for that purpose.

  Parameters

  An PgSql\Connection instance. When connection is unspecified, the default connection is used. The default connection is the last connection made by pg_connect() or pg_pconnect() .

  As of PHP 8.1.0, using the default connection is deprecated.

  The name to give the prepared statement. Must be unique per-connection. If «» is specified, then an unnamed statement is created, overwriting any previously defined unnamed statement.

  The parameterized SQL statement. Must contain only a single statement. (multiple statements separated by semi-colons are not allowed.) If any parameters are used, they are referred to as $1, $2, etc.

  Return Values

  An PgSql\Result instance on success, or false on failure.

  Changelog

  Version	Description
  8.1.0	Returns an PgSql\Result instance now; previously, a resource was returned.
  8.1.0	The connection parameter expects an PgSql\Connection instance now; previously, a resource was expected.

  Examples

  Example #1 Using pg_prepare()

  // Connect to a database named «mary»
  $dbconn = pg_connect ( «dbname=mary» );

  // Prepare a query for execution
  $result = pg_prepare ( $dbconn , «my_query» , ‘SELECT * FROM shops WHERE name = $1’ );

  // Execute the prepared query. Note that it is not necessary to escape
  // the string «Joe’s Widgets» in any way
  $result = pg_execute ( $dbconn , «my_query» , array( «Joe’s Widgets» ));

  // Execute the same prepared query, this time with a different parameter
  $result = pg_execute ( $dbconn , «my_query» , array( «Clothes Clothes Clothes» ));

  See Also

  • pg_execute() — Sends a request to execute a prepared statement with given parameters, and waits for the result
  • pg_send_execute() — Sends a request to execute a prepared statement with given parameters, without waiting for the result(s)

  User Contributed Notes 6 notes

  SQL is often a complicated piece of code by itself, so you may wish put it inside a «here doc.» This will help you read it wherever it appears and test it by itself via a command-line or gui client.

  $sql = SELECT a.foo, b.bar, c.baz
  FROM
  table_a a
  LEFT JOIN
  table_b b
  ON (
  a.a_id = b.a_id
  )
  JOIN
  table_c c
  ON (
  b.c_id = c.c_id
  )
  WHERE c.name = $1
  SQL;

  I had some problems with this function. When you use pg_prepare() with a function like date_trunc(‘day’, $1) you need to specify the data type.

  The solution was use the Pear MDB2 but with some changes in code. The original code try to use pg_prepare() too, with errors.

  The given name cannot be the statement itself.
  It has a maximum length and will truncate.

  If two queries begin the same way, only the first one will be used.

  If you decide to deallocate (unprepare) a previously prepared sql command it might be better to quote the sql name as in

  instead of (the more natural)

  PostgerSQL preserves the case of your identifiers if, and only if, you quote them. The pg_prepare function preserves the case of the sql name you use.

  A complete example would be

  $sql = ‘SELECT * FROM user WHERE cod_user = $1’;
  $sqlName = ‘selectUserByCode’;
  if (!pg_prepare ($sqlName, $sql)) die(«Can’t prepare ‘$sql’: » . pg_last_error());
  >
  $rs = pg_execute($sqlName, array(1));
  do whatever you want with $rs and finally
  $sql = sprintf(
  ‘DEALLOCATE «%s»‘,
  pg_escape_string($sqlName)
  );
  if(!pg_query($sql)) die(«Can’t query ‘$sql’: » . pg_last_error());
  >

  Note that if you are preparing a query with an in clause with a list of items, you will need to prepare each item separately.

  $result = pg_prepare($dbconn, «my_query», ‘SELECT * FROM shops WHERE name IN($1,$2,$3)’);

  $result = pg_execute($dbconn, «my_query», array(«coffee», «beer», «hard»));

  This means that you can’t just prepare a query with an arbitrary in() list.

  Источник