Use of Complex (curly) Syntax in external file

Question

I am having a problem with getting an sql query to interpolate as I would want, and would be grateful for some help please.

Within the manual page for pg_query_params,there is a code example for pg_query() passing a variable using curly braces. This appeared to be exactly what I need for my task. So, my code is as follows:

$fh = fopen('/home/www/KPI-Summary.sql',"r")
      or die("Problem opening SQL file.\n");
$dbh = pg_connect("$connect")
      or die('Could not connect: ' . pg_last_error());
$j = 0;
while (($line = fgets($fh)) !== false) {
    $tmp[$j] = array();                         // Initialise temporary storage.
    $result = pg_query($dbh, $line);            // process the line read.
    if (!$result) { echo "Error: query did not execute"; }
...
    while ($row = pg_fetch_row($result)) {      // Read sql result.
        $tmp[$j][2][] = $row;
        }
    $j++;
    }
fclose($fh);

The sql file contains several queries, one per line, like this:

SELECT count(*) from table WHERE value=0 AND msgid='{$arg[1]}';

However, currently, my variable is not being replaced by the contents -- and therefore although the query runs OK, it is returning zero rows. What do I need to do in order to get the expected result? (Note: each sql line varies, and the query parameters are not constant -- hence using variable(s) within the sql file.)

Answer 1

did you use pg_escape_string?

$arg[1] = pg_escape_string($arg[1]);
$line="SELECT count(*) from table WHERE value=0 AND msgid='{$arg[1]}';";