Thanks for the reply!
pg_query_params() should have been made binary-safe, but it isn't. It only accepts and passes 'text' mode arguments to PostgreSQL. So you cannot put raw bytea data into a query parameter.
Hmmm... Disappointing. Will pg_query_params ever become binary safe? I'm evaluating Postgres as an alternative to Oracle, so that's where the majority of my experience lies.
you need for a non-parameterized query, like "INSERT INTO mytable (bd) VALUES ('$data')" where bd is a bytea column, and $data went through pg_escape_bytea().
Understood. I do not like for several reasons that method of inserting data. It exposes me to SQL injection attacks, it's very inefficient (in Oracle, anyway -- perhaps you can correct me where Postgres is concerned), it seems uncharacteristic of a database with the qualities of Postgres, I can't have all my queries in a single source file, and I can't take advantage of the ease with which I can handle binary data with a bytea field.
To me, this means that you should probably do non-parameterized queries instead, with pg_query() and pg_escape_bytea(), with your bytea data.
Would there be any advantage to simply using a text field and base64 encoding and decoding the binary data? I really don't want to use non-parameterized queries. -- Gary Chambers // Nothing fancy and nothing Microsoft!