PostgreSQL Functions
PHP Manual

pg_escape_string

Escape a string for query

Description

string pg_escape_string ([ resource $connection ], string $data )

pg_escape_string escapes a string for querying the database. It returns an escaped string in the PostgreSQL format without quotes. pg_escape_literal is more preferred way to escape SQL parameters for PostgreSQL. addslashes must not be used with PostgreSQL. If the type of the column is bytea, pg_escape_bytea must be used instead. pg_escape_identifier must be used to escape identifiers (e.g. table names, field names)

Note:

This function requires PostgreSQL 7.2 or later.

Parameters

connection

PostgreSQL database connection resource. When connection is not present, the default connection is used. The default connection is the last connection made by pg_connect or pg_pconnect.

data

A string containing text to be escaped.

Return Values

A string containing the escaped data.

Changelog

Version Description
5.2.0 connection added

Examples

Example #1 pg_escape_string example

<?php 
  // Connect to the database
  $dbconn pg_connect('dbname=foo');
  
  // Read in a text file (containing apostrophes and backslashes)
  $data file_get_contents('letter.txt');
  
  // Escape the text data
  $escaped pg_escape_string($data);
  
  // Insert it into the database
  pg_query("INSERT INTO correspondence (name, data) VALUES ('My letter', '{$escaped}')");
?>

See Also

  • pg_escape_bytea