This is a useful function for preventing SQL injection attacks, so, for those of us who are not yet able to upgrade to PHP5.1, here is a replacement function which works similarly on older versions of PHP...
<?php # Parameterised query implementation for Postgresql and older versions of PHP
if( !function_exists( 'pg_query_params' ) ) {
function pg_query_params__callback( $at ) {
global $pg_query_params__parameters;
return $pg_query_params__parameters[ $at[1]-1 ];
}
function pg_query_params( $db, $query, $parameters ) {
// Escape parameters as required & build parameters for callback function
global $pg_query_params__parameters;
foreach( $parameters as $k=>$v )
$parameters[$k] = ( is_int( $v ) ? $v : "'".pg_escape_string( $v )."'" );
$pg_query_params__parameters = $parameters;
// Call using pg_query
return pg_query( $db, preg_replace_callback( '/\$([0-9]+)/', 'pg_query_params__callback', $query ) );
}
}
// Example: pg_query_params( $db_resource, "SELECT * FROM table WHERE col1=$1 AND col2=$2", array( 42, "It's ok" ) );
?>