pg_query

(PHP 4 >= 4.2.0, PHP 5, PHP 7)

pg_queryEjecutar una consulta

Descripción

resource pg_query ([ resource $connection ], string $query )

pg_query() ejecuta la consulta dada por query en la conexión a la base de datos especificada por connection. En la mayoría de los casos, es preferible utilizar pg_query_params().

Si ocurre un error y se devuelve FALSE, se pueden recuperara los detalles de este error con la función pg_last_error() si la conexión es válida.

Nota: Aunque se puede omitir connection, it no se recomienda debido a que puede ser difícil encontrar errores en scripts.

Nota:

Esta función se solía llamar pg_exec(). pg_exec() aún está disponible por compatibilidad, aunque se recomienda utilizar en nuevo nombre.

Parámetros

connection

Recurso de conexión a una base de datos de PostgreSQL. Cuando connection no está presente, se utilizará la conexión predeterminada. Esta es la última conexión realizada por pg_connect() o pg_pconnect().

query

La sentencia o sentencias SQL a ejecutar. Cuando se pasan varias sentencias a la función, automáticamente se ejecutan como una sola transacción, a menos que haya comandos BEGIN/COMMIT explícitos incluidos en la cadena de consulta. Sin embargo, no se recomiendo el uso de varias transacciones en una llamada a la función.

Advertencia

La interpolación de datos proporcionados por el usuario es extremadamente peligrosa y probablemente lleve a vulnerabilidades de inyecciones SQL. En la mayoría de los casos es preferible el uso de pg_query_params(), pasando los valores proporcionados por el usuario como parámetros en lugar de sustituirlos en la cadena de consulta.

Cualquier dato proporcionado por el usuario sustituido directamente en una cadena de consulta debe ser escapado adecuadamente.

Valores devueltos

Un recurso de resultados de consulta en caso de éxtio o FALSE en caso de error.

Ejemplos

Ejemplo #1 Ejemplo de pg_query()

<?php

$conn 
pg_pconnect("dbname=publisher");
if (!
$conn) {
  echo 
"Ocurrió un error.\n";
  exit;
}

$result pg_query($conn"SELECT author, email FROM authors");
if (!
$result) {
  echo 
"Ocurrió un error.\n";
  exit;
}

while (
$row pg_fetch_row($result)) {
  echo 
"Author: $row[0]  E-mail: $row[1]";
  echo 
"<br />\n";
}
 
?>

Ejemplo #2 Uso de pg_query() con varias sentencias

<?php

$conn 
pg_pconnect("dbname=publisher");

// estas sentencias se ejecutarán como una sola transacción

$query "UPDATE authors SET author=UPPER(author) WHERE id=1;";
$query .= "UPDATE authors SET author=LOWER(author) WHERE id=2;";
$query .= "UPDATE authors SET author=NULL WHERE id=3;";

pg_query($conn$query);

?>

Ver también

add a note add a note

User Contributed Notes 15 notes

up
5
hierophantNOSPAM at pcisys dot net
14 years ago
Regarding david.bouriaud@ac-rouen.fr:
You misunderstand SQL. When a query is issued, results applicable at the time of the query are returned to the application (i.e. PHP). There is no further reference to the database required. Thus, all of the pg_fetch_* functions are acting on an internal data storage, NOT the database itself. This is because SQL does not have a concept of sets, or of state (except in limited circumstances provided by transactions). However, if you use a cursor instead, fetching only one record at a time, you may get an error if you delete the table. If you don't, it is an issue with Postgres, not PHP.
up
3
mentat at azsoft dot pl
13 years ago
$GLOBALS["PG_CONNECT"]=pg_connect(...);
....

function query ($sqlQuery,$var=0) {
   if (!$GLOBALS["PG_CONNECT"]) return 0;
   $lev=error_reporting (8); //NO WARRING!!
   $result=pg_query ($sqlQuery);
   error_reporting ($lev); //DEFAULT!!
   if (strlen ($r=pg_last_error ($GLOBALS["PG_CONNECT"]))) {
      if ($var) {
        echo "<p color=\"red\">ERROR:<pre>";
        echo $sqlQuery;
        echo "</pre>";
        echo $r;
        echo "&lt/p>";
      }
      close_db ();
      return 0;
   }
   return $result;
}
up
4
mankyd
10 years ago
There was a typo in the code that I posted:

<?php
  $result
=pg_query($conn, "SELECT * FROM x WHERE a=b;");
  if  (!
$result) {
   echo
"query did not execute";
  }
  if (
pg_num_rows($result) == 0) {
   echo
"0 records"
 
}
  else {
   while (
$row = pg_fetch_array($result)) {
    
//do stuff with $row
  
}
  }
?>
up
3
a dot mcruer at live dot com
3 years ago
A quick note for novice users: when gathering input from fields on a web form that maintains a database connection, *never* use pg_query to do queries from the field. Always sanitize input using pg_prepare and pg_execute.
up
2
Jan-Willem Regeer
10 years ago
In reply to david dot bouriaud at ac-rouen dot fr:

All it is doing is internal caching. How can that be dangerous. If you are going to be deleting records after you have closed the connection it is your problem to make sure you have the latest and greatest records, and not some cached ones. Considering you are writing the script I don't see why it is a problem, you know what you are doing in the script, so it is quite useless for PHP to invalidate the cache, when that could be done upon exiting the script, which would mean there was less time spent cleaning out the cache when it counts most (when returning data to the user).
up
2
zoli at makettinfo.hu
10 years ago
It would be better this way:

<?php
  $result
=pg_query($conn, "SELECT COUNT(*) AS rows FROM x WHERE a=b;");
  if  (!
$result) {
   echo
"query did not execute";
  }
  if (
$line = pg_fetch_assoc($result)) {
    if (
$line['rows'] == 0) {
     echo
"0 records"
   
}
  }
  else {
   while (
$row = pg_fetch_array($result)) {
    
//do stuff with $row
  
}
  }
?>

This solution doesn't raise the load of the system with the move of matching rows (perhaps 0,1, perhaps 100, 1000, ... rows)
up
1
mankyd
10 years ago
Improving upon what jsuzuki said:

It's probably better to use pg_num_rows() to see if no rows were returned, as that leaves the resultset cursor pointed to the first row so you can use it in a loop.

Example:

<?php
  $result
=pg_query($conn, "SELECT * FROM x WHERE a=b;");
  if  (!
$result) {
   echo
"query did not execute";
  }
  if (
pg_num_rows($result) == 0) {
   echo
"0 records"
 
}
  else {
    while (
$row = pg_fetch_array($result) {
     
//do stuff with $row
   
}
  }
?>

I, personally, also find it more readable.
up
1
jsuzuki at spamcop dot net
10 years ago
expanding on the note left by "cmoore" -

To check to see if the recordset returned no records,

<?php
  $result
=pg_query($conn, "SELECT * FROM x WHERE a=b;");
  if  (!
$result) {
    echo
"query did not execute";
  }
 
$rs = pg_fetch_assoc($result);
  if (!
$rs) {
    echo
"0 records"
 
}
?>

-jack
up
0
cmoore
11 years ago
One thing to note that wasn't obvious to me at first.  If your query returns zero rows, that is not a "failed" query.  So the following is wrong:
  $result=pg_query($conn, "SELECT * FROM x WHERE a=b;");
  if  (!$result) {
    echo "No a=b in x\n";
  }

pg_query returns FALSE if the query can not be executed for some reason.  If the query is executed but returns zero rows then you get back a resul with no rows.
up
0
Akbar
11 years ago
Use pg_query to call your stored procedures, and use pg_fetch_result when getting a value (like a smallint as in this example) returned by your stored procedure.

<?php
$pgConnection
= pg_connect("dbname=users user=me");

$userNameToCheckFor = "metal";

$result = pg_query($pgConnection, "SELECT howManyUsersHaveThisName('$userNameToCheckFor')");

$count = pg_fetch_result($result, 0, 'howManyUsersHaveThisName');
?>
up
-1
sd at dicksonlife dot com
10 years ago
Took me a while to track this down so I thought it might be useful for others:

If you use stored procedures and need to get result sets back from them:

function dbquery($link,$query){
  pg_query($link,"BEGIN;");
  $tr=pg_query($link,$query);
  $r=pg_fetch_row($tr);
  $name=$r[0];
  $rs=pg_query($link,"FETCH ALL IN \"" . $name . "\";");
  pg_query($link,"END;");
  return $rs;
}

(Error checking removed for clarity)
up
-1
yoshinariatsuo at yahoo dot com
13 years ago
create table from pg_query results.. hope it helps newbies...
function table_create($result)
{
    $numrows = pg_num_rows($result);
    $fnum = pg_num_fields($result);

    echo "<table border width='100%'>";
    echo "<tr>";

    for ($x = 0; $x < $fnum; $x++) {
        echo "<td><b>";
        echo strtoupper(pg_field_name($result, $x));
        echo "</b></td>";
    }

    echo "</tr>";

    for ($i = 0; $i < $numrows; $i++) {
        $row = pg_fetch_object($result, $i);
        echo "<tr align='center'>";
        for ($x = 0; $x < $fnum; $x++) {
    $fieldname = pg_field_name($result, $x);
    echo "<td>";
    echo $row->$fieldname;
    echo "</td>";
        }
        echo"</tr>";
    }
    echo "</table>";
   
    return 0;
}
up
-1
Anonymous
2 years ago
Here is my small function to make it easier for me to use data from select queries (attention, it is sensitive to sql injection)
<?php
function requestToDB($connection,$request){
    if(!
$result=pg_query($connection,$request)){
        return
False;
    }
   
$combined=array();
    while (
$row = pg_fetch_assoc($result)) {
       
$combined[]=$row;
    }
    return
$combined;
}
?>

Example:
<?php
$conn
= pg_pconnect("dbname=mydatabase");

$results=requestToDB($connect,"select * from mytable");

//You can now access a "cell" of your table like this:
$rownumber=0;
$columname="mycolumn";

$mycell=$results[$rownumber][$columname];
var_dump($mycell);
up
-1
jvarner at dsrglobal dot com
14 years ago
That's why your code should never assume it has the very latest data unless it locks it.
up
-1
david dot bouriaud at ac-rouen dot fr
14 years ago
Hi to all !
It seems that the old pg_exec function does not do what it is expected to.
In the doc, it is said that it returns a resource identifier on the successful querry that was send to the backend.
It seems to me that it is more than a resource identifier.
Follow the example :

<?php
$ConnId
= pg_connect ("blablabla");
$ResId = pg_exec ("select * from table", $ConnId);
pg_close ($ConnId);
$row = pg_fetch_array ($ResId, 4);
?>

I closed the connection voluntarily before the pg_fetch_array. It WORKS !

Now, imagine the following script :
<?php
$ConnId
= pg_connect ("blablabla");
$ResId = pg_exec ("select * from table", $ConnId);
pg_close ($ConnId);
system ("psql base -c delete from table");
$row = pg_fetch_array ($ResId, 4);
?>
See how it could be harmful !!!! I think that the coders have done this for performances reasons, but it is not the right way do do so !!!
To Top