reference/pgsql/functions/pg-delete.xml
c2eca73ef79ebe78cebb34053e41b565af504c4f
...
...
@@ -1,7 +1,6 @@
1
1
<?xml version="1.0" encoding="utf-8"?>
2
2
<!-- $Revision$ -->
3
-
<!-- splitted from ./en/functions/pgsql.xml, last change in rev 1.80 -->
4
-
<refentry xml:id='function.pg-delete' xmlns="http://docbook.org/ns/docbook">
3
+
<refentry xml:id="function.pg-delete" xmlns="http://docbook.org/ns/docbook">
5
4
<refnamediv>
6
5
<refname>pg_delete</refname>
7
6
<refpurpose>
...
...
@@ -12,17 +11,32 @@
12
11
<refsect1 role="description">
13
12
&reftitle.description;
14
13
<methodsynopsis>
15
-
<type>mixed</type><methodname>pg_delete</methodname>
16
-
<methodparam><type>resource</type><parameter>connection</parameter></methodparam>
14
+
<type class="union"><type>string</type><type>bool</type></type><methodname>pg_delete</methodname>
15
+
<methodparam><type>PgSql\Connection</type><parameter>connection</parameter></methodparam>
17
16
<methodparam><type>string</type><parameter>table_name</parameter></methodparam>
18
-
<methodparam><type>array</type><parameter>assoc_array</parameter></methodparam>
19
-
<methodparam choice="opt"><type>int</type><parameter>options</parameter><initializer>PGSQL_DML_EXEC</initializer></methodparam>
17
+
<methodparam><type>array</type><parameter>conditions</parameter></methodparam>
18
+
<methodparam choice="opt"><type>int</type><parameter>flags</parameter><initializer><constant>PGSQL_DML_EXEC</constant></initializer></methodparam>
20
19
</methodsynopsis>
21
20
<para>
22
-
<function>pg_delete</function> deletes records from a table specified by
23
-
the keys and values in <parameter>assoc_array</parameter>. If <parameter>options</parameter> is
24
-
specified, <function>pg_convert</function> is applied
25
-
to <parameter>assoc_array</parameter> with the specified options.
21
+
<function>pg_delete</function> deletes records from a table
22
+
specified by the keys and values in <parameter>conditions</parameter>.
23
+
</para>
24
+
<para>
25
+
If <parameter>flags</parameter> is specified,
26
+
<function>pg_convert</function> is applied to
27
+
<parameter>conditions</parameter> with the specified flags.
28
+
</para>
29
+
<para>
30
+
By default <function>pg_delete</function> passes raw values.
31
+
Values must be escaped or the <constant>PGSQL_DML_ESCAPE</constant> flag
32
+
must be specified in <parameter>flags</parameter>.
33
+
<constant>PGSQL_DML_ESCAPE</constant> quotes and escapes parameters/identifiers.
34
+
Therefore, table/column names become case sensitive.
35
+
</para>
36
+
<para>
37
+
Note that neither escape nor prepared query can protect LIKE query,
38
+
JSON, Array, Regex, etc. These parameters should be handled
39
+
according to their contexts. i.e. Escape/validate values.
26
40
</para>
27
41
</refsect1>
28
42

...
...
@@ -33,9 +47,7 @@
33
47
<varlistentry>
34
48
<term><parameter>connection</parameter></term>
35
49
<listitem>
36
-
<para>
37
-
PostgreSQL database connection resource.
38
-
</para>
50
+
&pgsql.parameter.connection;
39
51
</listitem>
40
52
</varlistentry>
41
53
<varlistentry>
...
...
@@ -47,7 +59,7 @@
47
59
</listitem>
48
60
</varlistentry>
49
61
<varlistentry>
50
-
<term><parameter>assoc_array</parameter></term>
62
+
<term><parameter>conditions</parameter></term>
51
63
<listitem>
52
64
<para>
53
65
An <type>array</type> whose keys are field names in the table <parameter>table_name</parameter>,
...
...
@@ -56,14 +68,17 @@
56
68
</listitem>
57
69
</varlistentry>
58
70
<varlistentry>
59
-
<term><parameter>options</parameter></term>
71
+
<term><parameter>flags</parameter></term>
60
72
<listitem>
61
73
<para>
62
74
Any number of <constant>PGSQL_CONV_FORCE_NULL</constant>,
63
75
<constant>PGSQL_DML_NO_CONV</constant>,
64
-
<constant>PGSQL_DML_EXEC</constant> or
76
+
<constant>PGSQL_DML_ESCAPE</constant>,
77
+
<constant>PGSQL_DML_EXEC</constant>,
78
+
<constant>PGSQL_DML_ASYNC</constant> or
65
79
<constant>PGSQL_DML_STRING</constant> combined. If <constant>PGSQL_DML_STRING</constant> is part of the
66
-
<parameter>options</parameter> then query string is returned.
80
+
<parameter>flags</parameter> then query string is returned. When <constant>PGSQL_DML_NO_CONV</constant>
81
+
or <constant>PGSQL_DML_ESCAPE</constant> is set, it does not call <function>pg_convert</function> internally.
67
82
</para>
68
83
</listitem>
69
84
</varlistentry>
...
...
@@ -75,10 +90,27 @@
75
90
&reftitle.returnvalues;
76
91
<para>
77
92
&return.success; Returns <type>string</type> if <constant>PGSQL_DML_STRING</constant> is passed
78
-
via <parameter>options</parameter>.
93
+
via <parameter>flags</parameter>.
79
94
</para>
80
95
</refsect1>
81
96

97
+
<refsect1 role="changelog">
98
+
&reftitle.changelog;
99
+
<informaltable>
100
+
<tgroup cols="2">
101
+
<thead>
102
+
<row>
103
+
<entry>&Version;</entry>
104
+
<entry>&Description;</entry>
105
+
</row>
106
+
</thead>
107
+
<tbody>
108
+
&pgsql.changelog.connection-object;
109
+
</tbody>
110
+
</tgroup>
111
+
</informaltable>
112
+
</refsect1>
113
+
82
114
<refsect1 role="examples">
83
115
&reftitle.examples;
84
116
<para>
...
...
@@ -88,8 +120,10 @@
88
120
<![CDATA[
89
121
<?php
90
122
$db = pg_connect('dbname=foo');
91
-
// This is safe, since $_POST is converted automatically
92
-
$res = pg_delete($db, 'post_log', $_POST);
123
+
// This is safe somewhat, since all values are escaped.
124
+
// However PostgreSQL supports JSON/Array. These are not
125
+
// safe by neither escape nor prepared query.
126
+
$res = pg_delete($db, 'post_log', $_POST, PG_DML_ESCAPE);
93
127
if ($res) {
94
128
echo "POST data is deleted: $res\n";
95
129
} else {
...
...
@@ -100,7 +134,6 @@
100
134
</programlisting>
101
135
</example>
102
136
</para>
103
-
&warn.experimental.func;
104
137
</refsect1>
105
138

106
139
<refsect1 role="seealso">
...
...
@@ -112,7 +145,6 @@
112
145
</para>
113
146
</refsect1>
114
147
</refentry>
115
-

116
148
<!-- Keep this comment at the end of the file
117
149
Local variables:
118
150
mode: sgml
119
151



Tools (Chinese (Simplified) Manual)