
pg_escape_string not working

Tags:

php

postgresql

I want to use pg_escape_string on my password. Can anyone suggest to me how it is used in my PostgreSQL table insert?

$query = "insert into vmobjects (guid,ipaddress,username,password,hostid,vmname,guestostype) values('".$guid."','".$ip."','".$username."','".$password."','".$hostid."','".$name."','".strtolower($os)."')";

I'm using $escaped = pg_escape_string($password);

$query = "insert into vmobjects (guid,ipaddress,username,password,hostid,vmname,guestostype) values('".$guid."','".$ip."','".$username."','".$escaped ."','".$hostid."','".$name."','".strtolower($os)."')";

but it is not working. It will not take my & and + string ... like if I insert @#&$%&^* as a password, then after @# it shows null values .... pg_escape_string not working

It will take '~!@#$%^*()_=-{}|][:"';<>?/.,' except the & and + string.

My backend table row inserts the & string as a null value, and after the & string all values are null. In the case of the + string, only this is null.

Please don't refer me to the site's manual.

Yes, I'm POSTing the contents of a form field via AJAX to a PHP script and using this code:

        if(!http)
            http = CreateObject();

        nocache = Math.random();

        http.open('post', 'addvm.php');
        http.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); 
        http.setRequestHeader("Content-length", params.length);
        http.setRequestHeader("Connection", "close");
        http.onreadystatechange = SaveReply;

        http.send(params);
asked Dec 17 '22 14:12

Harsh


2 Answers

Forget about pg_escape_string and similar "workarounds".

What you want are prepared statements and bind parameters or (in case you're unwilling to jump right in) at least pg_query_params.

answered Feb 25 '23 09:02

Milen A. Radev


Just use pg_query_params() to make things very simple:

$query = "
INSERT INTO vmobjects 
  (guid,ipaddress,username,password,hostid,vmname,guestostype) 
VALUES($1, $2, $3, $4, $5, $6, $7)"; // $1 to $7 are the placeholders
$result = pg_query_params(
  $connection, // your database connection should be here
  $query,      // the query itself, including placeholders
  array($guid,$ip,$username,$password,$hostid,$name,strtolower($os)) // array with values
);

There is no need for pg_escape_string when using pg_query_params. pg_query_params is by far the most simple approach for interaction with your database.

answered Feb 25 '23 10:02

Frank Heikens
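
Added example, not part of the original thread: the symptoms in the question (value cut off at &, + lost) match an application/x-www-form-urlencoded body whose values were not percent-encoded before http.send(params), which no SQL escaping on the server can undo. It assumes params was built by plain concatenation (the question does not show that line); buildRaw, buildEncoded, parseForm and roundTrip are hypothetical helper names.

```javascript
// Constructed sample input: the password from the question plus one with '+'.
const SAMPLES = ["@#&$%&^*", "pass+word"];

// Naive body building: values concatenated without encoding (assumed to be
// how `params` was built; the question does not show that line).
function buildRaw(fields) {
  return Object.entries(fields).map(([k, v]) => k + "=" + v).join("&");
}

// Correct body building: every name and value percent-encoded.
function buildEncoded(fields) {
  return Object.entries(fields)
    .map(([k, v]) => encodeURIComponent(k) + "=" + encodeURIComponent(v))
    .join("&");
}

// Decode the body the way a form-urlencoded parser does (for example the
// one that fills PHP's $_POST): split on '&', treat '+' as a space, then
// percent-decode each name and value.
function parseForm(body) {
  const out = {};
  for (const [k, v] of new URLSearchParams(body)) out[k] = v;
  return out;
}

// What the server-side script would see as the password field.
function roundTrip(build, password) {
  return parseForm(build({ vmname: "vm1", password })).password;
}

for (const pw of SAMPLES) {
  console.log(
    JSON.stringify(pw),
    "raw ->", JSON.stringify(roundTrip(buildRaw, pw)),
    "| encoded ->", JSON.stringify(roundTrip(buildEncoded, pw))
  );
}
```

With the body encoded, the password reaches addvm.php intact and can then be passed as a bound parameter to pg_query_params(), as the answers recommend.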