Hello PHP EN Documentation team,

There are contributions within the online editor queue for this language.
Please review, then commit or delete these patches.

    Patches for review : 
    -----------------------

New file: en/reference/sqlite3/sqlite3/createcollation.xml
By: b dewar on 2013-04-10 04:59:20
===================================================================
--- en/reference/sqlite3/sqlite3/createcollation.xml
+++ en/reference/sqlite3/sqlite3/createcollation.xml
@@ -0,0 +1,142 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- $Revision: 299459 $ -->
+
+<refentry xml:id="sqlite3.createcollation" 
xmlns="http://docbook.org/ns/docbook"; 
xmlns:xlink="http://www.w3.org/1999/xlink";>
+ <refnamediv>
+  <refname>SQLite3::createCollation</refname>
+  
+  <refpurpose>Registers a PHP function for use as an SQL collating 
function</refpurpose>
+ </refnamediv>
+ 
+ <refsect1 role="description">
+  &reftitle.description;
+  <methodsynopsis>
+   <modifier>public</modifier> 
<type>bool</type><methodname>SQLite3::createCollation</methodname>
+   <methodparam><type>string</type><parameter>name</parameter></methodparam>
+   
<methodparam><type>callable</type><parameter>callback</parameter></methodparam>
+  </methodsynopsis>
+  <para>
+   Registers a PHP function or user-defined function for use as a collating
+   function within SQL statements.
+  </para>
+ </refsect1>
+ 
+ <refsect1 role="parameters">
+  &reftitle.parameters;
+  <variablelist>
+   <varlistentry>
+    <term><parameter>name</parameter></term>
+    <listitem>
+     <para>
+      Name of the SQL collating function to be created or redefined
+     </para>
+    </listitem>
+   </varlistentry>
+   <varlistentry>
+    <term><parameter>callback</parameter></term>
+    <listitem>
+     <para>
+      The name of a PHP function or user-defined function to apply as a
+      callback, defining the behavior of the collation.  It should accept
+      two strings and return as <function>strcmp</function> does, i.e. it 
should return -1, 1,
+      or 0 if the first string sorts before, sorts after, or is equal to the 
second.
+     </para>
+    </listitem>
+   </varlistentry>
+  </variablelist>
+ </refsect1>
+ 
+ <refsect1 role="returnvalues">
+  &reftitle.returnvalues;
+  <para>
+   &return.success;
+  </para>
+ </refsect1>
+ 
+ <refsect1 role="examples">
+  &reftitle.examples;
+  <para>
+   <example>
+    <title><function>SQLite3::createCollation</function> example</title>
+    <para>
+     Register the PHP function <function>strnatcmp</function> as a collating 
sequence in the SQLite3 database.
+    </para>
+    <programlisting role="php">
+<![CDATA[
+<?php
+
+$db = new SQLite3(":memory:");
+$db->exec("CREATE TABLE test (col1 string)");
+$db->exec("INSERT INTO test VALUES ('a1')");
+$db->exec("INSERT INTO test VALUES ('a10')");
+$db->exec("INSERT INTO test VALUES ('a2')");
+
+$db->createCollation('NATURAL_CMP', 'strnatcmp');
+
+$defaultSort = $db->query("SELECT col1 FROM test ORDER BY col1");
+$naturalSort = $db->query("SELECT col1 FROM test ORDER BY col1 COLLATE 
NATURAL_CMP");
+
+echo "default:n";
+while ($row = $defaultSort->fetchArray()){
+  echo $row['col1'], "n";
+}
+
+echo "nnatural:n";
+while ($row = $naturalSort->fetchArray()){
+  echo $row['col1'], "n";
+}
+
+$db->close();
+
+?>
+]]>
+    </programlisting>
+    &example.outputs;
+    <screen>
+<![CDATA[
+
+default:
+a1
+a10
+a2
+
+natural:
+a1
+a2
+a10
+
+]]>
+    </screen>
+   </example>
+  </para>
+ </refsect1>
+ 
+ <refsect1 role="seealso">
+  &reftitle.seealso;
+  <simplelist>
+   <member>The SQLite collation documentation: <link 
xlink:href="&url.sqlite.collation;">&url.sqlite.collation;</link></member>
+  </simplelist>
+ </refsect1>
+ 
+</refentry>
+
+<!-- Keep this comment at the end of the file
+Local variables:
+mode: sgml
+sgml-omittag:t
+sgml-shorttag:t
+sgml-minimize-attributes:nil
+sgml-always-quote-attributes:t
+sgml-indent-step:1
+sgml-indent-data:t
+indent-tabs-mode:nil
+sgml-parent-document:nil
+sgml-default-dtd-file:"~/.phpdoc/manual.ced"
+sgml-exposed-tags:nil
+sgml-local-catalogs:nil
+sgml-local-ecat-files:nil
+End:
+vim600: syn=xml fen fdm=syntax fdl=2 si
+vim: et tw=78 syn=sgml
+vi: ts=1 sw=1
+-->
 No newline at end of file
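Review bot: The `callback` description in the parameters section overstates the contract when it says the callback "should return -1, 1, or 0". A strcmp-style comparator is only expected to return an integer less than, greater than, or equal to zero, so I would word it as `It should accept two strings and return an integer less than, equal to, or greater than zero, as <function>strcmp</function> does.` The example strings read `"n"` where `"\n"` is evidently intended; the backslash may have been lost in this mail rendering, so check the file that actually gets committed. The example title wraps a method name in `<function>`, while the synopsis uses `<methodname>`.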


            => Put this change into your patches : 
https://edit.php.net/?project=php&action=putIntoMyPatches&idDB=43558
            => Delete this change: 
https://edit.php.net/?project=php&action=deleteThisChange&idDB=43558
            
                                          
------------------------------------------------------------------

Modified: en/reference/sqlite3/versions.xml
By: b dewar on 2012-11-29 08:42:57
===================================================================
--- en/reference/sqlite3/versions.xml
+++ en/reference/sqlite3/versions.xml
@@ -1,16 +1,15 @@
 <?xml version='1.0' encoding='utf-8'?>
-<!-- $Revision: 330432 $ -->
+<!-- $Revision: 304540 $ -->
 <!--
   Do NOT translate this file
 -->
 <versions>
-
- <function name='SQLite3' from='PHP 5 &gt;= 5.3.0'/>
  <function name='SQLite3::__construct' from='PHP 5 &gt;= 5.3.0'/>
  <function name='SQLite3::busyTimeout' from='PHP 5 &gt;= 5.3.3'/>
  <function name='SQLite3::changes' from='PHP 5 &gt;= 5.3.0'/>
  <function name='SQLite3::close' from='PHP 5 &gt;= 5.3.0'/>
  <function name='SQLite3::createAggregate' from='PHP 5 &gt;= 5.3.0'/>
+ <function name='SQLite3::createCollation' from='PHP 5 &gt;= 5.4.0'/>
  <function name='SQLite3::createFunction' from='PHP 5 &gt;= 5.3.0'/>
  <function name='SQLite3::escapeString' from='PHP 5 &gt;= 5.3.0'/>
  <function name='SQLite3::exec' from='PHP 5 &gt;= 5.3.0'/>
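Review bot: This patch looks as if it was made against an older copy of versions.xml: the `$Revision$` keyword goes backwards from 330432 to 304540. It also deletes the class-level entry `SQLite3` in this hunk and `SQLite3Stmt` and `SQLite3Result` in the two hunks that follow, although the only addition is the `SQLite3::createCollation` line. Applied as is, it would probably revert unrelated later edits. I would regenerate it against the current file so that the only change is `<function name='SQLite3::createCollation' from='PHP 5 &gt;= 5.4.0'/>`.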
@@ -24,7 +23,6 @@
  <function name='SQLite3::querySingle' from='PHP 5 &gt;= 5.3.0'/>
  <function name='SQLite3::version' from='PHP 5 &gt;= 5.3.0'/>
 
- <function name='SQLite3Stmt' from='PHP 5 &gt;= 5.3.0'/>
  <function name='SQLite3Stmt::bindParam' from='PHP 5 &gt;= 5.3.0'/>
  <function name='SQLite3Stmt::bindValue' from='PHP 5 &gt;= 5.3.0'/>
  <function name='SQLite3Stmt::clear' from='PHP 5 &gt;= 5.3.0'/>
@@ -33,7 +31,6 @@
  <function name='SQLite3Stmt::paramCount' from='PHP 5 &gt;= 5.3.0'/>
  <function name='SQLite3Stmt::reset' from='PHP 5 &gt;= 5.3.0'/>
 
- <function name='SQLite3Result' from='PHP 5 &gt;= 5.3.0'/>
  <function name='SQLite3Result::columnName' from='PHP 5 &gt;= 5.3.0'/>
  <function name='SQLite3Result::columnType' from='PHP 5 &gt;= 5.3.0'/>
  <function name='SQLite3Result::fetchArray' from='PHP 5 &gt;= 5.3.0'/>


            => Put this change into your patches : 
https://edit.php.net/?project=php&action=putIntoMyPatches&idDB=43559
            => Delete this change: 
https://edit.php.net/?project=php&action=deleteThisChange&idDB=43559
            
                                          
------------------------------------------------------------------

Modified: en/reference/var/functions/intval.xml
By: anonymous on 2013-03-27 02:18:53
===================================================================
--- en/reference/var/functions/intval.xml
+++ en/reference/var/functions/intval.xml
@@ -40,6 +40,31 @@
       <para>
        The base for the conversion
       </para>
+      <note>
+       <para>
+        If <parameter>base</parameter> is 0, the base used is determined
+        by the format of <parameter>var</parameter>:
+        <itemizedlist>
+         <listitem>
+          <simpara>
+           if string includes a "0x" (or "0X") prefix, the base is taken
+           as 16 (hex); otherwise,
+          </simpara>
+         </listitem>
+         <listitem>
+          <simpara>
+           if string starts with "0", the base is taken as 8 (octal);
+           otherwise,
+          </simpara>
+         </listitem>
+         <listitem>
+          <simpara>
+           the base is taken as 10 (decimal).
+          </simpara>
+         </listitem>
+        </itemizedlist>
+       </para>
+      </note>
      </listitem>
     </varlistentry>
    </variablelist>
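Review bot: The first list item says the string "includes" a "0x" prefix, but a prefix only counts at the start of the value, so "starts with" is the accurate wording and matches the second item. The items also refer to "string" without saying that this detection applies when `var` is a string; the opening sentence should state that. It would help readers who validate numeric input to add one sentence noting that with base 0 a leading-zero value such as "010" is read as octal.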


            => Put this change into your patches : 
https://edit.php.net/?project=php&action=putIntoMyPatches&idDB=46078
            => Delete this change: 
https://edit.php.net/?project=php&action=deleteThisChange&idDB=46078
            
                                          
------------------------------------------------------------------

Modified: en/reference/pcre/pattern.syntax.xml
By: anonymous on 2013-03-29 01:31:14
===================================================================
--- en/reference/pcre/pattern.syntax.xml
+++ en/reference/pcre/pattern.syntax.xml
@@ -271,7 +271,7 @@
      <listitem>
       <simpara>
        a character with the xx property, see 
-       <link linkend="regexp.reference.unicode">unicode properties</link> 
+       <link linkend="regexp.reference.unicode">Unicode properties</link> 
        for more info
       </simpara>
      </listitem>
@@ -281,7 +281,17 @@
      <listitem>
       <simpara>
        a character without the xx property, see 
-       <link linkend="regexp.reference.unicode">unicode properties</link> 
+       <link linkend="regexp.reference.unicode">Unicode properties</link> 
+       for more info
+      </simpara>
+     </listitem>
+    </varlistentry>
+    <varlistentry>
+     <term><emphasis>X</emphasis></term>
+     <listitem>
+      <simpara>
+       an Unicode grapheme, see 
+       <link linkend="regexp.reference.unicode">Unicode properties</link> 
        for more info
       </simpara>
      </listitem>
@@ -611,7 +621,7 @@
    </varlistentry>
    <varlistentry>
     <term><emphasis>X</emphasis></term>
-    <listitem><simpara>an extended Unicode sequence</simpara></listitem>
+    <listitem><simpara>any Unicode grapheme incl. an extended Unicode 
sequence</simpara></listitem>
    </varlistentry>
   </variablelist>
   <para>
@@ -1020,15 +1030,7 @@
    </tgroup>
   </table>
   <para>
-   The <literal>X</literal> escape matches any number of Unicode characters 
-   that form an extended Unicode sequence. <literal>X</literal> is equivalent 
-   to <literal>(?>PMpM*)</literal>.
-  </para>
-  <para>
-   That is, it matches a character without the "mark" property, followed
-   by zero or more characters with the "mark" property, and treats the
-   sequence as an atomic group (see below). Characters with the "mark"
-   property are typically accents that affect the preceding character.
+   The <literal>X</literal> escape matches any single Unicode grapheme 
regardless it is a single code-point or in form of an extended Unicode sequence 
with combining marks.
   </para>
   <para>
    Matching characters by Unicode property is not fast, because PCRE has
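Review bot: The replacement paragraph for the `X` escape is ungrammatical and drops information the old text carried. "regardless it is a single code-point or in form of" should read `regardless of whether it is a single code point or an extended Unicode sequence with combining marks`, and "an Unicode grapheme" in the second hunk should be "a Unicode grapheme". The removed paragraphs gave the equivalent pattern and said the sequence is treated as an atomic group. If that still holds for the bundled PCRE, keep a sentence saying so, because the word "grapheme" does not imply the no-backtracking behaviour.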


            => Put this change into your patches : 
https://edit.php.net/?project=php&action=putIntoMyPatches&idDB=46090
            => Delete this change: 
https://edit.php.net/?project=php&action=deleteThisChange&idDB=46090
            
                                          
------------------------------------------------------------------

Modified: en/reference/classobj/functions/get-object-vars.xml
By: anonymous on 2013-03-31 05:40:56
===================================================================
--- en/reference/classobj/functions/get-object-vars.xml
+++ en/reference/classobj/functions/get-object-vars.xml
@@ -13,7 +13,7 @@
   </methodsynopsis>
   <para>
    Gets the accessible non-static properties of the given 
-   <parameter>object</parameter> according to scope.
+   <parameter>object</parameter> according to scope and name of the property.
   </para>
  </refsect1>
  <refsect1 role="parameters">
@@ -35,7 +35,7 @@
   &reftitle.returnvalues;
   <para>
    Returns an associative array of defined object accessible non-static 
properties 
-   for the specified <parameter>object</parameter> in scope. If a property has
+   for the specified <parameter>object</parameter> in scope and per the 
property-name. If a property has
    not been assigned a value, it will be returned with a &null; value.
   </para>
  </refsect1>
@@ -59,6 +59,12 @@
        </entry>
       </row>
       <row>
+       <entry>5.0.0</entry>
+       <entry>
+        This function now filters <type>integer</type> property-names out. 
Previously their values were returned.
+       </entry>
+      </row>
+      <row>
        <entry>4.2.0</entry>
        <entry>
         Properties which were declared in the class of the 
<parameter>object</parameter>


            => Put this change into your patches : 
https://edit.php.net/?project=php&action=putIntoMyPatches&idDB=46111
            => Delete this change: 
https://edit.php.net/?project=php&action=deleteThisChange&idDB=46111
            
                                          
------------------------------------------------------------------

Modified: en/reference/math/constants.xml
By: anonymous on 2013-04-06 06:28:27
===================================================================
--- en/reference/math/constants.xml
+++ en/reference/math/constants.xml
@@ -146,13 +146,13 @@
       <entry><constant>NAN</constant></entry>
       <entry>NAN (as a float)</entry>
       <entry>Not A Number</entry>
-      <entry></entry>
+      <entry>PHP 4.3.6</entry>
      </row>
      <row xml:id="constant.inf">
       <entry><constant>INF</constant></entry>
       <entry>INF (as a float)</entry>
       <entry>The infinite</entry>
-      <entry></entry>
+      <entry>PHP 4.3.6</entry>
      </row>
     </tbody>
    </tgroup>


            => Put this change into your patches : 
https://edit.php.net/?project=php&action=putIntoMyPatches&idDB=46202
            => Delete this change: 
https://edit.php.net/?project=php&action=deleteThisChange&idDB=46202
            
                                          
------------------------------------------------------------------

Modified: en/reference/var/functions/is-float.xml
By: Hans Henrik Bergan on 2013-05-07 14:02:53
===================================================================
--- en/reference/var/functions/is-float.xml
+++ en/reference/var/functions/is-float.xml
@@ -52,28 +52,33 @@
     <programlisting role="php">
 <![CDATA[
 <?php
-if (is_float(27.25)) {
-    echo "is floatn";
-} else {
-    echo "is not floatn";
+$values = array(23,'23',23.5,'23.5', '0', 0,false, true, null, 'abc', '', ' ');
+foreach ($values as $value) {
+    echo "is_float(";
+    var_export($value);
+    echo ") = ";
+    var_dump(is_float($value));
 }
-var_dump(is_float('abc'));
-var_dump(is_float(23));
-var_dump(is_float(23.5));
-var_dump(is_float(1e7));  //Scientific Notation
-var_dump(is_float(true));
+echo "is_float(1e7) = bool(true)";//1e7 Scientific Notation
 ?>
 ]]>
     </programlisting>
     &example.outputs;
     <screen>
 <![CDATA[
-is float
-bool(false)
-bool(false)
-bool(true)
-bool(true)
-bool(false)
+is_float(23) = bool(false)
+is_float('23') = bool(false)
+is_float(23.5) = bool(true)
+is_float('23.5') = bool(false)
+is_float('0') = bool(false)
+is_float(0) = bool(false)
+is_float(false) = bool(false)
+is_float(true) = bool(false)
+is_float(NULL) = bool(false)
+is_float('abc') = bool(false)
+is_float('') = bool(false)
+is_float(' ') = bool(false)
+is_float(1e7) = bool(true)
 ]]>
     </screen>
    </example>
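Review bot: The last line of the new example, `echo "is_float(1e7) = bool(true)";`, prints a hard-coded string instead of calling the function, so the sample output for scientific notation is asserted rather than demonstrated. I would replace it with `echo "is_float(1e7) = "; var_dump(is_float(1e7)); // scientific notation`, which also ends the output with a newline like the other lines. The `$values` array literal has inconsistent spacing after commas (`23,'23',23.5,'23.5', '0', 0,false`), which is worth normalising in a manual example.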


            => Put this change into your patches : 
https://edit.php.net/?project=php&action=putIntoMyPatches&idDB=46466
            => Delete this change: 
https://edit.php.net/?project=php&action=deleteThisChange&idDB=46466
            
                                          
------------------------------------------------------------------

Modified: en/language/oop5/typehinting.xml
By: Steve Tauber on 2013-05-24 10:41:09
===================================================================
--- en/language/oop5/typehinting.xml
+++ en/language/oop5/typehinting.xml
@@ -19,7 +19,7 @@
   <para>
    Type hints can not be used with scalar types such as <type>int</type> or
    <type>string</type>.
-   <link linkend="language.oop5.traits">Traits</link> are not allowed either.
+   <link linkend="language.types.resource">Resources</link> and <link 
linkend="language.oop5.traits">Traits</link> are not allowed either.
   </para>
   
   <example>


            => Put this change into your patches : 
https://edit.php.net/?project=php&action=putIntoMyPatches&idDB=46724
            => Delete this change: 
https://edit.php.net/?project=php&action=deleteThisChange&idDB=46724
            
                                          
------------------------------------------------------------------

Modified: en/reference/session/upload-progress.xml
By: lbarnaud on 2013-05-26 03:10:53
===================================================================
--- en/reference/session/upload-progress.xml
+++ en/reference/session/upload-progress.xml
@@ -113,6 +113,11 @@
    </programlisting>
   </example>
  </para>
+ <warning>
+   <para>
+    The web server's request buffering has to be disabled for this to work 
properly, else PHP may see the file upload only once fully uploaded. Servers 
such as Nginx are known to buffer requests.
+   </para>
+  </warning>
 
 </chapter>
 


            => Put this change into your patches : 
https://edit.php.net/?project=php&action=putIntoMyPatches&idDB=46916
            => Delete this change: 
https://edit.php.net/?project=php&action=deleteThisChange&idDB=46916
            
                                          
------------------------------------------------------------------

Modified: en/reference/pgsql/reference.xml
By: anonymous on 2013-05-26 14:39:35
===================================================================
--- en/reference/pgsql/reference.xml
+++ en/reference/pgsql/reference.xml
@@ -18,7 +18,7 @@
    <note>
     <para>
      Most PostgreSQL functions accept <parameter>connection</parameter> as
-     the first optional parameter. If it is not provided, the last opened
+     the optional first parameter. If it is not provided, the last opened
      connection is used. If it doesn't exist, functions return &false;.
     </para>
    </note>


            => Put this change into your patches : 
https://edit.php.net/?project=php&action=putIntoMyPatches&idDB=46976
            => Delete this change: 
https://edit.php.net/?project=php&action=deleteThisChange&idDB=46976
            
                                          
------------------------------------------------------------------

Modified: en/reference/info/functions/ini-get.xml
By: Hans Henrik Bergan on 2013-06-11 02:08:28
===================================================================
--- en/reference/info/functions/ini-get.xml
+++ en/reference/info/functions/ini-get.xml
@@ -125,7 +125,31 @@
    </para>
   </note>
  </refsect1>
+ 
+<refsect1 role="changelog">
+  &reftitle.changelog;
+  <para>
+   <informaltable>
+    <tgroup cols="2">
+     <thead>
+      <row>
+       <entry>&Version;</entry>
+       <entry>&Description;</entry>
+      </row>
+     </thead>
+     <tbody>
+      <row>
+       <entry>5.3.0</entry>
+       <entry>previously, an empty string ("") was returned if the 
configuration option didn't exist. now, &false; is returned instead. (related: 
<a href="https://bugs.php.net/bug.php?id=46811";>PHP bug 46811</a>)
+       </entry>
+      </row>
+     </tbody>
+    </tgroup>
+   </informaltable>
+  </para>
+ </refsect1>
 
+ 
  <refsect1 role="seealso">
   &reftitle.seealso;
   <para>
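Review bot: The changelog entry links the bug report with an HTML `<a href="…">` element, which is not DocBook and will probably fail validation of the manual. Use the XLink form the DocBook sources rely on, `<link xlink:href="https://bugs.php.net/bug.php?id=46811">PHP bug 46811</link>`, provided the file declares the `xlink` prefix. The hunk also adds whitespace-only lines around the new section, and a further blank line inside `<simplelist>` in the next hunk; these should be dropped. The opening `<refsect1 role="changelog">` is not indented like its closing tag, and the entry text should start with capital letters ("Previously, …", "Now, …").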
@@ -134,6 +158,7 @@
     <member><function>ini_get_all</function></member>
     <member><function>ini_restore</function></member>
     <member><function>ini_set</function></member>
+    
    </simplelist>
   </para>
  </refsect1>


            => Put this change into your patches : 
https://edit.php.net/?project=php&action=putIntoMyPatches&idDB=47191
            => Delete this change: 
https://edit.php.net/?project=php&action=deleteThisChange&idDB=47191
            
                                          
------------------------------------------------------------------

Modified: en/reference/apc/ini.xml
By: anonymous on 2013-06-14 05:48:58
===================================================================
--- en/reference/apc/ini.xml
+++ en/reference/apc/ini.xml
@@ -70,6 +70,12 @@
       <entry>PHP_INI_SYSTEM</entry>
       <entry></entry>
      </row>
+      <row>
+      <entry><link 
linkend="ini.apc.shm-strings-buffer">apc.shm_strings_buffer</link></entry>
+      <entry>"4M"</entry>
+      <entry>PHP_INI_SYSTEM</entry>
+      <entry>Available since APC 3.1.4.</entry>
+     </row>
      <row>
       <entry><link 
linkend="ini.apc.optimization">apc.optimization</link></entry>
       <entry>"0"</entry>
@@ -316,6 +322,17 @@
      </para>
     </listitem>
    </varlistentry>
+   <varlistentry xml:id="ini.apc.shm-strings-buffer">
+    <term>
+     <parameter>apc.shm_strings_buffer</parameter>
+     <type>string</type>
+    </term>
+    <listitem>
+     <para>
+      The size of memory to use as a shared buffer for strings used internally 
by APC. Size Should be suffixed by M for megabytes, G for gigabytes. Enabling 
this option will reduce the amount of memory used per PHP-FPM worker as strings 
will be stored once rather than for each worker.
+     </para>
+    </listitem>
+   </varlistentry>   
    <varlistentry xml:id="ini.apc.optimization">
     <term>
      <parameter>apc.optimization</parameter>


            => Put this change into your patches : 
https://edit.php.net/?project=php&action=putIntoMyPatches&idDB=47235
            => Delete this change: 
https://edit.php.net/?project=php&action=deleteThisChange&idDB=47235
            
                                          
------------------------------------------------------------------

Modified: en/reference/pgsql/functions/pg-escape-bytea.xml
By: Craig Ringer on 2013-06-16 16:54:53
===================================================================
--- en/reference/pgsql/functions/pg-escape-bytea.xml
+++ en/reference/pgsql/functions/pg-escape-bytea.xml
@@ -18,13 +18,15 @@
   </methodsynopsis>
   <para>
    <function>pg_escape_bytea</function> escapes string for
-   bytea datatype.  It returns escaped string.
+   bytea datatype.  It returns a PostgreSQL octal-escaped string with all 
backslashes doubled for interpolation into literal SQL text.
   </para>
   <note>
    <para>
     When you <literal>SELECT</literal> a bytea type, PostgreSQL returns octal 
byte values
     prefixed with '' (e.g.  32). Users are supposed to convert back to
-    binary format manually.
+    binary format manually. PHP <function>provides 
pg_unescape_bytea</function> for this purpose;
+    it isn't the exact reverse of <literal>pg_escape_bytea</literal> since 
it's supposed to operate
+    on the results returned by PostgreSQL, not the output of 
<literal>pg_escape_bytea</literal>.
    </para>
    <para>
     This function requires PostgreSQL 7.2 or later. With PostgreSQL
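Review bot: The markup in the added sentence is misplaced: `<function>provides pg_unescape_bytea</function>` wraps the verb inside the function element, so the rendered link or function name would include the word "provides". It should read `PHP provides <function>pg_unescape_bytea</function> for this purpose;`. The same sentence refers to this page's own function with `<literal>pg_escape_bytea</literal>`, which is consistent with how the rest of the hunk avoids self-links, so only the first element needs fixing.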
@@ -35,6 +37,18 @@
     character encoding does not match, and there may be multi-byte
     stream error. User must then cast to bytea to avoid this error.
    </para>
+   <para>
+    Even on versions of PostgreSQL that support the more compact 'hex' output 
style, this function emits the older and more compatible octal escape syntax.
+   </para>
+   <para>
+    Because <literal>pg_escape_bytea</literal> doubles the backslashes used in 
octal escapes, you can't pass its output
+    as a parameter to the <function>pg_query_params</function>. The result 
must be interpolated into an SQL string.
+   </para>
+   <para>
+    On newer PostgreSQL versions that set 
<literal>standard_conforming_strings</literal> to <literal>on</literal> by 
default,
+    you must use the escape-string syntax <literal>E'{$val}'</literal> so that 
PostgreSQL consumes the backslashes added
+    by PHP's version of <literal>pg_escape_bytea</literal>.
+   </para>
   </note>
  </refsect1>
 
@@ -113,7 +127,7 @@
   $escaped = pg_escape_bytea($data);
   
   // Insert it into the database
-  pg_query("INSERT INTO gallery (name, data) VALUES ('Pine trees', 
'{$escaped}')");
+  pg_query("INSERT INTO gallery (name, data) VALUES ('Pine trees', 
E'{$escaped}')");
 ?>
 ]]>
     </programlisting>
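Review bot: The switch to `E'{$escaped}'` in this example, and the paragraphs added in the previous hunk that justify it, assume that `pg_escape_bytea` always emits octal escapes with doubled backslashes. As far as I know the output depends on whether a connection is available to the call and on the libpq and server versions. The connection-aware escaping routine takes `standard_conforming_strings` into account and can emit the hex format, in which case an `E'…'` literal would re-interpret the backslash sequences and could store different bytes than were supplied. Please verify this against the supported PHP and libpq combinations and state in the note the condition under which the `E''` form is correct, rather than recommending it unconditionally.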


            => Put this change into your patches : 
https://edit.php.net/?project=php&action=putIntoMyPatches&idDB=47273
            => Delete this change: 
https://edit.php.net/?project=php&action=deleteThisChange&idDB=47273
            
                                          
------------------------------------------------------------------

Modified: en/reference/pgsql/functions/pg-unescape-bytea.xml
By: Craig Ringer on 2013-06-16 16:59:54
===================================================================
--- en/reference/pgsql/functions/pg-unescape-bytea.xml
+++ en/reference/pgsql/functions/pg-unescape-bytea.xml
@@ -34,6 +34,10 @@
     character encoding does not match, and there may be multi-byte
     stream error. User must then cast to bytea to avoid this error.
    </para>
+   <para>
+    <literal>pg_unescape_bytea</literal> isn't the exact reverse of 
<function>pg_escape_bytea</function> since it's supposed to operate
+    on the results returned by PostgreSQL, not the output of PHP's 
<literal>pg_escape_bytea</literal>.
+   </para>
   </note>
  </refsect1>
 


            => Put this change into your patches : 
https://edit.php.net/?project=php&action=putIntoMyPatches&idDB=47274
            => Delete this change: 
https://edit.php.net/?project=php&action=deleteThisChange&idDB=47274
            
                                          
------------------------------------------------------------------

Modified: en/reference/pgsql/functions/pg-query.xml
By: Craig Ringer on 2013-06-16 17:57:10
===================================================================
--- en/reference/pgsql/functions/pg-query.xml
+++ en/reference/pgsql/functions/pg-query.xml
@@ -16,7 +16,9 @@
   </methodsynopsis>
   <para>
    <function>pg_query</function> executes the <parameter>query</parameter>
-   on the specified database <parameter>connection</parameter>.
+   on the specified database <parameter>connection</parameter>.  
+   <function>pg_query_params</function> should be preferred
+   in most cases.
   </para>
   <para>
    If an error occurs, and &false; is returned, details of the error can
@@ -65,9 +67,18 @@
        included in the query string. However, using multiple transactions in 
one function call is not recommended.
       </para>
       <para>
-       Data inside the query should be <link
-       linkend="function.pg-escape-string">properly escaped</link>.
       </para>
+      <warning>
+       <para>
+        String interpolation of user-supplied data is extremely dangerous and 
is likely to lead to <link linkend="security.database.sql-injection">SQL 
injection</link> vulnerabilities. You should always use
+        <function>pg_query_params</function> in preference to 
<literal>pg_query</literal>, passing your
+        user-supplied values as parameters rather than substituting them into 
the SQL string.
+       </para>
+       <para>
+        If you must do string interpolation, it is vital that data inside the 
query is <link
+        linkend="function.pg-escape-string">properly escaped</link>.
+       </para>
+      </warning>
      </listitem>
     </varlistentry>
    </variablelist>
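Review bot: This hunk leaves an empty paragraph behind: the two removed lines were the whole content of the `<para>` that opens just above them, and its `<para>` and `</para>` tags remain as context, so they should be deleted together with the text. The new warning points only at `pg_escape_string` for the case where interpolation cannot be avoided. It would be more complete to name `pg_escape_literal` for values and `pg_escape_identifier` for table and column names, since parameters cannot stand in for identifiers and string escaping does not make an identifier safe. The first hunk also adds trailing whitespace after `<parameter>connection</parameter>.`.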


            => Put this change into your patches : 
https://edit.php.net/?project=php&action=putIntoMyPatches&idDB=47275
            => Delete this change: 
https://edit.php.net/?project=php&action=deleteThisChange&idDB=47275
            
                                          
------------------------------------------------------------------

Modified: en/reference/pgsql/functions/pg-query-params.xml
By: Craig Ringer on 2013-06-16 18:07:08
===================================================================
--- en/reference/pgsql/functions/pg-query-params.xml
+++ en/reference/pgsql/functions/pg-query-params.xml
@@ -24,7 +24,9 @@
     but offers additional functionality: parameter 
     values can be specified separately from the command string proper. 
     <function>pg_query_params</function> is supported only against PostgreSQL 
7.4 or
-    higher connections; it will fail when using earlier versions.
+    higher connections; it will fail when using earlier versions. 
<function>pg_query_params</function>
+    should always be used in preference to <function>pg_query</function> as it 
is faster
+    and more secure.
   </para>
   <para>
     If parameters are used, they are referred to in the
@@ -68,6 +70,13 @@
        (multiple statements separated by semi-colons are not allowed.)  If any 
parameters 
        are used, they are referred to as $1, $2, etc.
       </para>
+      <para>
+       User-supplied values should always be passed as parameters, not 
interpolated into the
+       query string, where they form possible <link 
linkend="security.database.sql-injection">
+       SQL injection</link> attack vectors and introduce bugs when handling 
data containing quotes.
+       If for some reason you cannot use a parameter, ensure that interpolated 
values are <link
+        linkend="function.pg-escape-string">properly escaped</link>.
+      </para>
      </listitem>
     </varlistentry>
     <varlistentry>
@@ -78,6 +87,16 @@
         in the original prepared query string.  The number of elements in the 
array
         must match the number of placeholders.
       </para>
+      <para>
+       Manually escaping values passed as as parameters with 
<function>pg_escape_string</function>
+       is both unnecessary and incorrect. You can pass the values unchanged, 
as the database driver
+       ensures that they are passed securely.
+      </para>
+      <para>
+       Values intended for <literal>bytea</literal> fields are not supported 
as parameters
+       in <function>pg_query_params</function>. Use 
<function>pg_escape_bytea</function> instead,
+       or use the large object functions.
+      </para>
      </listitem>
     </varlistentry>
    </variablelist>
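Review bot: There is a doubled word in the added paragraph, "passed as as parameters", which should read `Manually escaping values passed as parameters with <function>pg_escape_string</function>`. That paragraph could also state the consequence, namely that escaped values are stored with the extra quote characters, since that is the bug readers will actually see. In the second hunk the link text starts on a new line inside `<link linkend="security.database.sql-injection">`, which puts leading whitespace into the link; keep the opening tag and "SQL injection" on one line. The first hunk's "should always be used … as it is faster and more secure" is stronger than the page supports, given this hunk documents a case (`bytea`) where it is said not to apply; "should be preferred" would match the wording added to pg-query.xml.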


            => Put this change into your patches : 
https://edit.php.net/?project=php&action=putIntoMyPatches&idDB=47276
            => Delete this change: 
https://edit.php.net/?project=php&action=deleteThisChange&idDB=47276
            
                                          
------------------------------------------------------------------




-- 
https://edit.php.net/
This email is sent automatically by the PHP DocBook Online Editor.
