Does pg_escape_string work?
Good afternoon!
I want to check if pg_escape_string works.
I write to the database the string
v/a\*l>1-
In theory, the characters should be escaped? But when viewing the database (via phppgadmin), the string looks the same (v/a\*l>1-).
The question is, is this normal?
And how can I check whether characters are escaped or not?
I use it like this:
$col1 = $_POST['col1'];
$col1e = pg_escape_identifier($col1);
$val1 = $_POST['val1'];
$val1e = pg_escape_string($val1);
$table_insert = pg_query($dbconn, "INSERT INTO ".$prefix."$table ({$col1e}) VALUES ('{$val1e}')");
You don't need to check anything. It's your code that doesn't work, and built-in functions always work. Everything is escaped.
No need to use pg_escape_string. You need to use pg_query_params and prepared statements.
Your questions are stupid.
If you give yourself the trouble to think at least a little, then, of course, you can answer the question of how to check the result of the work of a particular function and why you don’t see any escaping in the database.
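An added example, not code from the question or the answers: it prints what pg_escape_string returns, inserts the value through pg_query_params as the answer recommends, and reads it back to show the stored value equals the input. The connection string, the temporary table demo_items and the allow-list of column names are assumptions made for the example; it needs a reachable PostgreSQL server.

```php
<?php
// Added example. Assumptions: a reachable PostgreSQL server, the placeholder
// connection string below, and a temporary table named demo_items.
$dbconn = pg_connect('host=localhost dbname=test user=test password=test')
    or exit("connection failed\n");
pg_query($dbconn, 'CREATE TEMP TABLE demo_items (col1 text)');

// Constructed sample inputs: the string from the question and one with a quote.
$samples = ['v/a\\*l>1-', "O'Reilly"];

// A column name cannot be sent as a parameter, so check it against a fixed
// allow-list first and only then quote it with pg_escape_identifier().
$allowedColumns = ['col1'];
$col = 'col1';                        // in the question this is $_POST['col1']
if (!in_array($col, $allowedColumns, true)) {
    exit("unexpected column name\n");
}
$colSql = pg_escape_identifier($dbconn, $col);

foreach ($samples as $val) {
    // 1. Check the function directly by printing its return value.
    //    Escaping changes only the text placed inside the SQL literal
    //    (the quote in the second sample is doubled); it is not stored.
    printf("input:   %s\nescaped: %s\n", $val, pg_escape_string($dbconn, $val));

    // 2. Send the value as a parameter: it never becomes part of the SQL
    //    text, so no manual escaping of the value is needed.
    $sql = "INSERT INTO demo_items ($colSql) VALUES (\$1)";
    if (pg_query_params($dbconn, $sql, [$val]) === false) {
        exit(pg_last_error($dbconn) . "\n");
    }

    // 3. Read the row back: the database holds the original string.
    $res = pg_query_params($dbconn,
        "SELECT $colSql FROM demo_items WHERE $colSql = \$1", [$val]);
    $stored = pg_fetch_result($res, 0, 0);
    printf("stored:  %s (%s)\n\n", $stored,
        $stored === $val ? 'same as input' : 'differs from input');
}
```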