I'm working on a web application that parses GPX files and enters the contents into a database as Geography objects. Seeing how incoming files can be potentially insecure, I was hoping to use prepared statements for this. These files can contain multiple track segments, so I am using MULTILINESTRING as the content type.
Normally I would make a geography object in db (postgres) using something like this:
ST_GeographyFromText('MULTILINESTRING((lon lat, lon lat), (lon lat, lon lat, lon lat))')
I will create the sequence of lines and points by iterating through the GPX object, but what's a good way to make the insertion statement safe? I tried:
$result = pg_prepare("query", 'insert into geogs (title, setID, geog, order) values ($1, $2, ST_GeographyFromText($3), $4) returning id');
But the $result is a boolean false. Is there any way to use prepared statements to achieve this?
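An added example, not part of the original post, of one way to do this in PHP: each coordinate is validated as a number before the WKT string is built, the WKT is bound as parameter $3, and the reserved word order is double-quoted so PostgreSQL can parse the statement. Table and column names are taken from the post; the function names and the $segments layout are assumptions.

```php
<?php
// Added example, not the poster's code. Function names and the $segments
// layout (list of segments, each a list of [lon, lat] pairs) are assumptions.
function gpx_segments_to_wkt(array $segments): string
{
    $lines = [];
    foreach ($segments as $seg) {
        if (count($seg) < 2) { continue; } // a linestring needs at least two points
        $pts = [];
        foreach ($seg as [$lon, $lat]) {
            // Only finite, in-range numbers reach the WKT; file text is never copied in.
            if (!is_numeric($lon) || !is_numeric($lat)) {
                throw new InvalidArgumentException('non-numeric coordinate');
            }
            [$lon, $lat] = [(float) $lon, (float) $lat];
            if (!is_finite($lon) || !is_finite($lat) || abs($lon) > 180 || abs($lat) > 90) {
                throw new InvalidArgumentException('coordinate out of range');
            }
            $pts[] = sprintf('%.7F %.7F', $lon, $lat); // %F ignores the locale
        }
        $lines[] = '(' . implode(', ', $pts) . ')';
    }
    if ($lines === []) {
        throw new InvalidArgumentException('no usable track segments');
    }
    return 'MULTILINESTRING(' . implode(', ', $lines) . ')';
}

// Prepare once per connection; "order" is a reserved word and must be quoted.
function prepare_geog_insert($conn): void
{
    $sql = 'INSERT INTO geogs (title, setID, geog, "order") '
         . 'VALUES ($1, $2, ST_GeographyFromText($3), $4) RETURNING id';
    if (pg_prepare($conn, 'insert_geog', $sql) === false) {
        throw new RuntimeException(pg_last_error($conn));
    }
}

// Execute per track; every value, including the WKT, travels as a bound parameter.
function insert_geog($conn, string $title, int $setId, array $segments, int $order)
{
    $res = pg_execute($conn, 'insert_geog', [$title, $setId, gpx_segments_to_wkt($segments), $order]);
    if ($res === false) {
        throw new RuntimeException(pg_last_error($conn));
    }
    return pg_fetch_result($res, 0, 'id');
}
// Constructed sample input; this line runs without a database.
echo gpx_segments_to_wkt([[[-122.4, 37.8], [-122.41, 37.81]], [[-122.5, 37.9], [-122.51, 37.91]]]), "\n";
```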