getting problem in pg_query execution

开发者 https://www.devze.com 2023-01-15 04:50 Source: web
When i am running my query

$dbhost='localhost';
$dbuser='dbuser';
$dbpass='dbpass';
$dbname='dbname';

$conn = pg_connect('host='.$dbhost.' dbname='.$dbname.' user='.$dbuser.' password='.$dbpass);
if (!$conn) {
    echo "An error occured.\n";
    exit;
} else {
    echo "connection occured";
}
echo $conn;

$insert = pg_query($conn, "Insert into `advertiser_regidetdir`
    (user_name,domain_name,user_email,publickey,privatekey, refresh_count )
    values('$user','$domain','$email','$pubkey','$pritekey',0)");
if (!$insert) {
    echo "An error occured.\n";
    exit;
}

I am getting output something like this: connection occured Resource id #2An error occured. Why is this error coming?


Use the pg_last_error() function to get a more detailed error message like this:

    if (!$insert) {
      echo "An error occured.\n";
      echo pg_last_error($conn);
      exit;
    }


Insert into `advertiser_regidetdir`

Backticks are a MySQL quoting feature that is not part of standard ANSI SQL and not available in other databases. The ANSI syntax for quoting a schema name is double quotes.

It is unfortunate that MySQL interprets double quotes as a synonym for single quotes. If you want to write code that is portable across MySQL and other DBMSs, you'll need to either:

  • use double-quotes for schema names throughout, and on MySQL turn on the sql_mode ANSI_QUOTES feature in order to make it comply with the standard, or
  • avoid quoting schema names altogether. This requires general knowledge of what keywords exist in different DBMSs so you can avoid those words, but certainly advertiser_regidetdir is not a keyword in any DBMS so is quite valid without the quotes.

values('$user','$domain','$email','$pubkey','$pritekey',0)

Unless you have already pg_escape_stringed those values, that's a big old load of SQL injection security horror.

Consider parameterised queries, especially as with the pg module you get pg_query_params which makes it really easy.


Use pg_query_params() to avoid SQL injection, and don't use backticks (`); they have nothing to do with SQL:

<?php
$dbhost='localhost';
$dbuser='dbuser';
$dbpass='dbpass';
$dbname='dbname';

$conn = pg_connect('host='.$dbhost.' dbname='.$dbname.' user='.$dbuser.' password='.$dbpass); 

if (!$conn) {
    echo "An error occured.\n";
    exit;
} else {
    echo "connection occured";
}
echo $conn;

$query = '
    INSERT INTO advertiser_regidetdir
        (user_name,domain_name,user_email,publickey,privatekey, refresh_count )
    VALUES($1, $2, $3, $4, $5, 0)'; // 5 placeholders

$insert = pg_query_params(
            $conn,
            $query,
            array($user, $domain, $email, $pubkey, $pritekey) // array with values
            );

if (!$insert) {
    echo "An error occured.\n";
    exit;
}
?>
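
The two fixes the answers above describe, ANSI double-quote identifier quoting in place of MySQL backticks and passing values as parameters instead of splicing them into the SQL text, shown together as an added example that is not code from the thread or from the pg extension. It is written in Python against the bundled sqlite3 module so it runs without a PostgreSQL server; sqlite3 stands in for PostgreSQL here and uses `?` placeholders where pg_query_params() uses `$1`, `$2`, ..., and the table and column names are the ones from the question. The sample row is constructed, with placeholder key values. Note that sqlite accepts backticks for compatibility, so it does not reproduce the question's original error; what it does show is that a perfectly ordinary value containing an apostrophe breaks the concatenated statement while the parameterised one stores it verbatim.

```python
import sqlite3

TABLE = "advertiser_regidetdir"
COLUMNS = ("user_name", "domain_name", "user_email",
           "publickey", "privatekey", "refresh_count")

# Constructed sample row (not from the thread). The apostrophe in the name is
# ordinary data, and it is exactly what breaks a query built by concatenation.
# Key material is a labelled placeholder.
SAMPLE_ROW = ("O'Brien", "example.test", "obrien@example.test",
              "PUBKEY-PLACEHOLDER", "PRIVKEY-PLACEHOLDER", 0)


def quote_identifier(name):
    """ANSI SQL identifier quoting: wrap in double quotes and double any
    embedded double quote. This is what replaces MySQL backticks on
    PostgreSQL (PHP's pg_escape_identifier() does the same job)."""
    if "\x00" in name:
        raise ValueError("identifiers cannot contain NUL")
    return '"' + name.replace('"', '""') + '"'


def build_insert_sql(table, columns):
    """INSERT text with one '?' placeholder per column (sqlite style; PostgreSQL
    uses $1..$n). Only identifiers are spliced into the text, after quoting;
    values never are."""
    cols = ", ".join(quote_identifier(c) for c in columns)
    marks = ", ".join("?" for _ in columns)
    return f"INSERT INTO {quote_identifier(table)} ({cols}) VALUES ({marks})"


def fresh_db():
    """In-memory database holding the question's table (stand-in for the
    PostgreSQL server the original code connects to)."""
    conn = sqlite3.connect(":memory:")
    text_cols = ", ".join(f"{quote_identifier(c)} TEXT" for c in COLUMNS[:-1])
    conn.execute(f"CREATE TABLE {quote_identifier(TABLE)} ({text_cols}, "
                 f"{quote_identifier(COLUMNS[-1])} INTEGER)")
    return conn


def insert_parameterised(conn, row):
    """The fix from the answers: values travel as bound parameters, so quoting
    is the driver's problem. Returns the stored user_name for a round-trip check."""
    conn.execute(build_insert_sql(TABLE, COLUMNS), row)
    conn.commit()
    cur = conn.execute(
        f"SELECT {quote_identifier('user_name')} FROM {quote_identifier(TABLE)} "
        f"WHERE {quote_identifier('user_email')} = ?", (row[2],))
    return cur.fetchone()[0]


def insert_interpolated(conn, row):
    """The question's pattern: values pasted into the SQL string with no
    escaping. Returns 'ok' or the name of the exception the database raised."""
    values = ", ".join(f"'{v}'" for v in row)
    sql = f"INSERT INTO {TABLE} ({', '.join(COLUMNS)}) VALUES ({values})"
    try:
        conn.execute(sql)
        conn.commit()
        return "ok"
    except sqlite3.Error as exc:
        # 'O'Brien' splits into the literal 'O' followed by a stray token,
        # so the statement no longer parses.
        return type(exc).__name__


if __name__ == "__main__":
    print(build_insert_sql(TABLE, COLUMNS))
    print("parameterised:", insert_parameterised(fresh_db(), SAMPLE_ROW))
    print("interpolated: ", insert_interpolated(fresh_db(), SAMPLE_ROW))
```

The same split applies to the PHP in the answer above: identifiers such as the table name may be spliced into the query text once quoted with pg_escape_identifier(), while every value goes through the parameter array of pg_query_params(); a failure in the interpolated version is a parse error for an honest apostrophe and a much worse outcome for a deliberately crafted one, and the parameterised version has neither problem.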