(PHP 4 >= 4.2.0, PHP 5)
pg_escape_string — Escape a string for query
$connection
   ], string $data
   )pg_escape_string() escapes a string for querying the database. It returns an escaped string in the PostgreSQL format without quotes. pg_escape_literal() is more preferred way to escape SQL parameters for PostgreSQL. addslashes() must not be used with PostgreSQL. If the type of the column is bytea, pg_escape_bytea() must be used instead. pg_escape_identifier() must be used to escape identifiers (e.g. table names, field names)
Note:
This function requires PostgreSQL 7.2 or later.
connection
       PostgreSQL database connection resource.  When 
       connection is not present, the default connection 
       is used. The default connection is the last connection made by 
       pg_connect() or pg_pconnect().
      
dataA string containing text to be escaped.
A string containing the escaped data.
| Version | Description | 
|---|---|
| 5.2.0 | connectionadded | 
Example #1 pg_escape_string() example
<?php 
  // Connect to the database
  $dbconn = pg_connect('dbname=foo');
  
  // Read in a text file (containing apostrophes and backslashes)
  $data = file_get_contents('letter.txt');
  
  // Escape the text data
  $escaped = pg_escape_string($data);
  
  // Insert it into the database
  pg_query("INSERT INTO correspondence (name, data) VALUES ('My letter', '{$escaped}')");
?>