4

I have a function in PostgreSQL / plpgsql with the following signature:

CREATE OR REPLACE FUNCTION user_login(TEXT, TEXT) RETURNS SETOF _get_session AS $$ ... $$

Where _get_session is a view. The function works fine when calling it from phpPgAdmin, however whan I call it from PHP I get the following error:

Warning: pg_query() [function.pg-query]: Query failed: ERROR: type "session_ids" does not exist CONTEXT: compile of PL/pgSQL function "user_login" near line 2 in /home/sites/blah.com/index.php on line 69

The DECLARE section of the function contains the following variables:

oldSessionId session_ids := $1;
newSessionId session_ids := $2;

The domain session_ids DOES exist, and other functions which use the same domain work when called from the same script. The PHP is as follows:

$query = "SELECT * FROM $dbschema.user_login('$session_old'::TEXT, '$session'::TEXT)";
$result = pg_query($login, $query);

I have also tried this using ::session_ids in place of ::TEXT when calling the function, however I recieve the same error.

Help :o(

4

2 回答 2

1

只需使您的代码简单:

$query = "SELECT * FROM $dbschema.user_login($1, $2)";
$result = pg_query_params($login, $query, array($session_old, $session));

现在您可以安全地避免 SQL 注入了。

但是,您的函数仍然是错误的,没有数据类型“session_ids”。我想你想在 DECLARE 部分使用 TEXT 。

于 2010-04-19T16:16:09.297 回答
1

如果您的查询涉及多行,那么 PHP 很可能不会将它们作为同一事务的一部分发送。如果是这种情况,您有两个选择。

第一个选项是在同一个调用中发送所有查询

pg_query("query1; query2; query3;");

第二个选项(我认为最好的)是使用事务。这将允许您通过多行进行调用,尽管开始语句很可能需要与初始查询一起发送。

pg_query("begin; query1;");
pg_query("query2;");
pg_query("commit;");

如果发生错误,则将提交替换为回滚,并且不会对 db 进行任何更改。

在使用 Postgres 时,这实际上是一个很好的经验法则。

于 2010-05-19T15:38:10.317 回答