|
|
S-102: TYPO3 Vulnerabilities
|
|
PG_DELETE(3) PG_DELETE(3) pg_delete - Deletes records SYNOPSIS
mixed pg_delete (resource $connection, string $table_name, array $assoc_array, [int $options = PGSQL_DML_EXEC]) DESCRIPTION
pg_delete(3) deletes records from a table specified by the keys and values in $assoc_array. If $options is specified, pg_convert(3) is applied to $assoc_array with the specified options. PARAMETERS
o $connection - PostgreSQL database connection resource. o $table_name - Name of the table from which to delete rows. o $assoc_array - An array whose keys are field names in the table $table_name, and whose values are the values of those fields that are to be deleted. o $options - Any number of PGSQL_CONV_FORCE_NULL, PGSQL_DML_NO_CONV, PGSQL_DML_ESCAPE, PGSQL_DML_EXEC, PGSQL_DML_ASYNC or PGSQL_DML_STRING combined. If PGSQL_DML_STRING is part of the $options then query string is returned. When PGSQL_DML_NO_CONV or PGSQL_DML_ESCAPE is set, it does not call pg_convert(3) internally. RETURN VALUES
Returns TRUE on success or FALSE on failure. Returns string if PGSQL_DML_STRING is passed via $options. EXAMPLES
Example #1 pg_delete(3) example <?php $db = pg_connect('dbname=foo'); // This is safe, since $_POST is converted automatically $res = pg_delete($db, 'post_log', $_POST); if ($res) { echo "POST data is deleted: $res "; } else { echo "User must have sent wrong inputs "; } ?> CHANGELOG
+-------------+---------------------------------------------------+ | Version | | | | | | | Description | | | | +-------------+---------------------------------------------------+ | 5.6.0 | | | | | | | No longer experimental. Added PGSQL_DML_ESCAPE | | | constant, TRUE/ FALSE and NULL data type support. | | | | |5.5.3/5.4.19 | | | | | | | Direct SQL injection to $table_name and Indirect | | | SQL injection to identifiers are fixed. | | | | +-------------+---------------------------------------------------+ SEE ALSO
pg_convert(3). PHP Documentation Group PG_DELETE(3)
