pg_escape_literal()
(PHP 5 >= 5.4.4, PHP 7)
Escape a literal for insertion into a text field
说明
pg_escape_literal([resource $connection],string $data): string
pg_escape_literal() escapes a literal for querying the PostgreSQL database. It returns an escaped literal in the PostgreSQL format.pg_escape_literal() adds quotes before and after data. Users should not add quotes. Use of this function is recommended instead of pg_escape_string(). If the type of the column is bytea,pg_escape_bytea() must be used instead. For escaping identifiers(e.g. table, field names),pg_escape_identifier() must be used.
Note:This function has internal escape code and can also be used with PostgreSQL 8.4 or less.
参数
- $connection
PostgreSQL database connection resource. When$connectionis not present, the default connection is used. The default connection is the last connection made by pg_connect() or pg_pconnect(). When there is no default connection, it raisesE_WARNINGand returns
FALSE
.- $data
A string containing text to be escaped.
返回值
A string containing the escaped data.
范例
Example #1 pg_escape_literal() example
<?php // Connect to the database $dbconn = pg_connect('dbname=foo'); // Read in a text file (containing apostrophes and backslashes) $data = file_get_contents('letter.txt'); // Escape the text data $escaped = pg_escape_literal($data); // Insert it into the database. Note that no quotes around {$escaped} pg_query("INSERT INTO correspondence (name, data) VALUES ('My letter', {$escaped})"); ?>
参见
pg_escape_identifier()
Escape a identifier for insertion into a text fieldpg_escape_bytea()
转义 bytea 类型的二进制数据pg_escape_string()
转义 text/char 类型的字符串