PHP 5.6.16 is available


(PHP 4 >= 4.3.0, PHP 5)

pg_select Select records


mixed pg_select ( resource $connection , string $table_name , array $assoc_array [, int $options = PGSQL_DML_EXEC ] )

pg_select() selects records specified by assoc_array which has field=>value. For a successful query, it returns an array containing all records and fields that match the condition specified by assoc_array.

If options is specified, pg_convert() is applied to assoc_array with the specified flags.



PostgreSQL database connection resource.


Name of the table from which to select rows.


An array whose keys are field names in the table table_name, and whose values are the conditions that a row must meet to be retrieved.


Any number of PGSQL_CONV_FORCE_NULL, PGSQL_DML_NO_CONV, PGSQL_DML_ESCAPE, PGSQL_DML_EXEC, PGSQL_DML_ASYNC or PGSQL_DML_STRING combined. If PGSQL_DML_STRING is part of the options then query string is returned. When PGSQL_DML_NO_CONV or PGSQL_DML_ESCAPE is set, it does not call pg_convert() internally.

Valorile întoarse

Întoarce valoarea TRUE în cazul succesului sau FALSE în cazul eșecului. Returns string if PGSQL_DML_STRING is passed via options.


Example #1 pg_select() example

// This is safe, since $_POST is converted automatically
$rec pg_select($db'post_log'$_POST);
  if (
$rec) {
"Records selected\n";
  } else {
"User must have sent wrong inputs\n";

Istoricul schimbărilor

Versiune Descriere
5.6.0 No longer experimental. Added PGSQL_DML_ESCAPE constant, TRUE/FALSE and NULL data type support.
5.5.3/5.4.19 Direct SQL injection to table_name and Indirect SQL injection to identifiers are fixed.

A se vedea și

  • pg_convert() - Convert associative array values into suitable for SQL statement

add a note add a note

User Contributed Notes 2 notes

david dot tulloh at infaze dot com dot au
10 years ago
Valid options are PGSQL_DML_NO_CONV, PGSQL_DML_EXEC, PGSQL_DMP_ASYNC, PGSQL_DML_STRING (pulled out of source code).

This function does not support selecting from multiple tables.  You can get around this by setting the PGSQL_DML_NO_CONV option.  This prevents the error which occurs when the function tries to convert the condition array.

I think it is also important to point out that the table_name field is not safe, particularily with the PGSQL_DML_NO_CONV option.

The arguements array field is compulsory, as documented.  What isn't so clear is that the array has to actually have some values in it, you can't do a select all.

In summary, this function is good for a very small subset of basic queries.  If you are after anything more complex you are better off with pg_query.
wietse at cj2 dot nl
9 years ago
David mentioned that you can't do a Select all.
However, when executing this script:
= "dbname=mydb";
$db = pg_connect($conn_string);
$selectfields = array("imgid" => "");
$records = pg_select($db,"mmsfiles",$selectfields);
...I get this result:
    [0] => Array
            [imgid] => 1
            [file] => /home/wietse/public_html/mms/images/1.gif
            [thumb] =>
    [1] => Array
            [imgid] => 2
            [file] => /home/wietse/public_html/mms/images/2.gif
            [thumb] =>
    [2] => Array
            [imgid] => 3
            [file] => /home/wietse/public_html/mms/images/3.gif
            [thumb] =>
    [3] => Array
            [imgid] => 4
            [file] => /home/wietse/public_html/mms/images/4.gif
            [thumb] =>
To Top