Community Learn Tools Library Leisure
search
English
Passing PHP variables to SQL query in oci_parse
P粉107772015
P粉107772015 2023-11-04 12:38:22
0
1
764

I'm passing PHP variables into an Oracle SQL query. But it's not treating it properly and giving me ORA errors like - invalid character. I tried escaping the variable to "$sid" which makes the error go away, but the query returns nothing. Is there a way to pass PHP variables to oracle query

if(isset($_POST['action']))
{
   $sid = $_POST['action'];
   $stid = oci_parse($conn, 'SELECT emp from table emp='$sid'');
   oci_execute($stid);
}

For the sake of brevity, I removed the database connection part.

P粉107772015
P粉107772015

reply all(1)
P粉262926195
P粉2629261952023-11-05 11:26:35 1 floor

'SELECT emp from table emp=\'$sid\'' is a string that you pass to Oracle exactly as-is, which is why it doesn't work.

You need to bind the placeholder to a PHP variable using oci_bind_by_name .

Example:

$variable = 42;
$stid = oci_parse($conn, 'SELECT col_name FROM tbl_name WHERE col_name > :num;');
oci_bind_by_name($stid, ":num", $variable);
oci_execute($stid);
Like +0
Add Reply
Popular Topics
More>
Popular Articles
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template