Re: [PHP-DB] pg_insert tyro question
Micah, As a tyro, I'm curious AND cautious: belt AND suspenders is best. When you say: assign the values needed into another array before submitting to the database I presume you mean something like this, yes? /*Create arrays for each of the tables*/ $coretable = array_slice($_POST, 0, 33); $creatable = array_slice($_POST, 33, 5); $subjectable = array_slice($_POST, 38, 2); $stypertable = array_slice($_POST, 40, 2); $cultable = array_slice($_POST, 42, 2); $matertable = array_slice($_POST, 44, 6); But while my own sanity is _certainly_ in question (I rue the day I agreed to do this project, however educational it has been), You seem to be using sanity check in a technical sense. What exactly would that be, when it's at home, and what would it look like? Thanks all for the good advice! Jon On Aug 22, 2005, at 4:22 PM, mike burnard wrote: I certainly agree with that Micah. array_pop only removes that last item. If you are in a an open environment you definitely want to include security checks and form validation. -mike On Aug 22, 2005, at 4:07 PM, Micah Stevens wrote: This is tenuous and insecure, you have no control over the $_POST array, only the submitting page does, I'd do a sanity check, and assign the values needed into another array before submitting to the database. This is also primed for a SQL injection attack. Bad idea.. IMHO.. -Micah -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] pg_insert tyro question
Being a tyro, I'm sure I'm missing something obvious about handling the
array $_POST. I hope wiser heads can point me in the right direction.
This fails:
?php
$db = pg_connect( dbname=foo user=bar );
if( $db )
{
print Successfully connected to port: . pg_port($db) .br/\n;
} else {
print pg_last_error ($db);
exit;
}
$res = pg_insert($db, 'vracore', $_POST);
if ($res) {
echo You're a Genius;
} else {
print_r ($_POST);
exit;
}
pg_Close( $db );
?
The connection string works fine. If I insert each field in $_POST
separately, that works fine too eg.
$value1=$_POST['value1'];
$value1=$_POST['value2'];
etc...
$query = insert into foo (columnname1, columnname2, etc...) values
($value1, $value2, etc...);;
$result = pg_exec($db, $query);
But if I try pg_insert($db, 'foo', $_POST);
it fails. I note that print_r ($_POST) returns a list of values that
includes [addentry] = Add Entry from the submit button. Is that what's
screwing it up?
Any clues would be much appreciated.
Jon
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] pg_insert tyro question
Thanks mike! that did the trick. This works:
array_pop($_POST);
/* this gets rid of the last element of $_POST which is 'addentry' from
the form's submit button. $_POST now containes ONLY the values expected by
pg_insert. By the way, the order of the values in $_POST does not seem to
matter, only that there are exactly as many as there are columns in the
table and their names match the columns exactly.*/
$res = pg_insert($db, 'foo', $_POST);
if ($res) {
echo You're a Genius;
} else {
print pg_last_error ($db);
exit;
}
On Mon, 22 Aug 2005, mike burnard wrote:
It very likely is the error. you can use array_pop($_POST); to remove that
last line. You can always have your insert function return an error on
failure. snip /
By the way Bastian and John, thanks for responding to my pg_connect
question some days ago. Installing Marc Liyanage's distribution did the
trick!
Thanks too to Bastian and Micah.
Or if you need to store all the values, you could normalize the table
field
into another table.
-Micah
On Monday 22 August 2005 3:19 pm, Bastien Koert wrote:
To further append the previous note,
if you want to insert the array, you need to serialize it
(www.php.net/serialize) to make the array db safe
if you want to insert the individual specific values, you will need to
implode the array with separators (and check the data in the correct
order
for the field list) or you will need to supply a field list that matches
the array list to ensure the data elements are placed into the correct
columns
Bastien
I'm not sure what any of this means, but it didn't turn out to be
necessary.
Jon
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] pg_connect gets fatal error
On Sat, 13 Aug 2005, Bastien Koert wrote: is php compiled with postgre support? probably not from the sounds of it bastien I'm guessing you're right, but it's not clear how I could tell. The output from ?php phpinfo() ? doesn't really help much unless I know what to look for. On the one hand it says that DBX support is enabled and PostgreSQL is one of the supported databases, on the other, MySQL support is described explicitly, as is ODBC, but there is no similar section for the other supported DBs. If php wasn't compiled with postgres support, do I have to recompile it? how? Apologies if these questions are naive, but I am a rank tyro in these matters. Jon -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] pg_connect gets fatal error
Dear all, I'm brand new at this and I'm trying to get Darwin/Apache/Php/PostgresSQL running on my iBook (OS X 10.4.2) with Tiger newly installed. Apache 1.3 is running fine, PostgresSQL 8.0.1 working fine, PHP 4.3.11 works except when I try to call a postgres function I get: Fatal error: Call to undefined function: pg_connect() in /Users/jjc/Sites/PHPtesting/hello.php on line 12 looking at /private/etc/php.ini.default, it looks like postgres is enabled, so why doesn't php like any pg_ functions? I've scoured the faqs and the archives. I've found this question asked before, but not answered. Any help for a tyro? Jon -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
