drevls8138
drevls8138
2016-02-09 12:51

将PHP变量传递给oci_parse中的sql查询

已采纳

I am passing a PHP varibale into a oracle sql query. but its not taking it properly giving me ORA errors like - invalid character. I tried escaping the varibale as \'$sid\', this makes error go, but the query doesnt return anything. Is there a way to pass PHP variable to oracle query

if(isset($_POST['action']))
{
   $sid = $_POST['action'];
   $stid = oci_parse($conn, 'SELECT emp from table emp='$sid'');
   oci_execute($stid);
}

I have removed to the database connection part for brevity.

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

1条回答

  • douying6206 douying6206 5年前

    'SELECT emp from table emp=\'$sid\'' is a string that you pass exactly as it is to Oracle, this is why it doesn't work.

    You need to use oci_bind_by_name to bind a placeholder to a PHP variable.

    Example:

    $variable = 42;
    $stid = oci_parse($conn, 'SELECT col_name FROM tbl_name WHERE col_name > :num;');
    oci_bind_by_name($stid, ":num", $variable);
    oci_execute($stid);
    
    点赞 评论 复制链接分享