Andre C

Reputation: 1

Select with where param in php and oracle

I'm doing a SELECT with a WHERE clause via PHP and Oracle; when I pass in the parameter, an error occurs:

Warning: oci_execute(): ORA-00911: invalid character in C:\xampp\htdocs\projeto\includes\Read.php on line 52
Warning: oci_fetch_array(): ORA-24374: define not done before fetch or execute and fetch in C:\xampp\htdocs\projeto\index.php on line

If I pass the parameter directly, as in the commented-out line, it works.

public function readAnexos($CDLICITACAO) {

    try {
        //$id = '012103';
        $id = $CDLICITACAO;

        // The value is interpolated straight into the statement text, so Oracle
        // parses whatever $id contains as part of the SQL itself.
        $sql_query = "SELECT * FROM TBLICITCAO WHERE CDLICITACAO = $id";
        $stid = oci_parse($this->db, $sql_query);

        // OCI8 functions report failures by returning false and emitting a PHP
        // warning; they do not throw, so an ORA- error never reaches the catch below.
        oci_execute($stid);
        return $stid;

    } catch (Exception $e) {
        echo $e->getMessage() . "<br>Error na linha:  ";
        echo "<b>" . $e->getTraceAsString()."</b>";
        parent::fechar();
    }
}

Upvotes: 0

Views: 134

Answers (1)

Christopher Jones

Reputation: 10586

It's really important to use bind variables. This is for security and performance.

Try at least:

// The placeholder :id is all the parser ever sees; the value is supplied separately.
$sql_query = "SELECT * FROM TBLICITCAO WHERE CDLICITACAO = :id";
$stid = oci_parse($this->db, $sql_query);
// Binds by reference, so $CDLICITACAO must still be in scope when oci_execute runs.
oci_bind_by_name($stid, ":id", $CDLICITACAO);
oci_execute($stid);

Upvotes: 2
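The bind-variable pattern from the answer, carried through into a complete function with the error handling the question's code is missing. This is an added example, not code from either poster: it assumes an OCI8 connection opened with placeholder credentials, the table and column names from the question, and plain functions instead of the questioner's class. Two points it shows beyond the answer's four lines: OCI8 signals failure through return values and oci_error(), not exceptions, so every call is checked (fetching from a statement whose execute failed is what produces ORA-24374); and because the value is bound rather than pasted into the SQL text, an input containing a semicolon or a quote, which would make the interpolated statement fail to parse (a stray `;` in the statement text is the classic cause of ORA-00911 under OCI8), is simply compared as data.

```php
<?php
// Added example, not code from the original question or answer.
// Assumptions: placeholder credentials below, and a table TBLICITCAO with
// a column CDLICITACAO as in the question.

function connectOracle()
{
    // Placeholder credentials and service name; replace with real ones.
    $conn = oci_connect('USER_PLACEHOLDER', 'PASSWORD_PLACEHOLDER', 'localhost/SERVICE_PLACEHOLDER');
    if ($conn === false) {
        $e = oci_error();            // connection errors carry no resource argument
        throw new RuntimeException('Connect failed: ' . $e['message']);
    }
    return $conn;
}

/**
 * Fetch all rows for one CDLICITACAO using a bind variable.
 *
 * The statement text never contains the caller's value, so the value cannot
 * change the SQL that Oracle parses, whatever characters it contains.
 */
function readAnexos($db, string $cdlicitacao): array
{
    $sql = 'SELECT * FROM TBLICITCAO WHERE CDLICITACAO = :id';

    $stid = oci_parse($db, $sql);
    if ($stid === false) {
        $e = oci_error($db);
        throw new RuntimeException('Parse failed: ' . $e['message']);
    }

    // oci_bind_by_name binds by reference: $cdlicitacao must stay in scope until
    // oci_execute has run. Binding a string is deliberate: '012103' keeps its
    // leading zero instead of being turned into the number 12103.
    if (!oci_bind_by_name($stid, ':id', $cdlicitacao)) {
        $e = oci_error($stid);
        oci_free_statement($stid);
        throw new RuntimeException('Bind failed: ' . $e['message']);
    }

    // OCI8 reports failures through return values, not exceptions, so a
    // try/catch around these calls would never see an ORA- error.
    if (!oci_execute($stid)) {
        $e = oci_error($stid);
        oci_free_statement($stid);
        throw new RuntimeException('Execute failed: ' . $e['message'] . ' (code ' . $e['code'] . ')');
    }

    $rows = [];
    while (($row = oci_fetch_array($stid, OCI_ASSOC + OCI_RETURN_NULLS)) !== false) {
        $rows[] = $row;
    }
    oci_free_statement($stid);
    return $rows;
}

// Usage: the same function handles an ordinary id and inputs that would have
// broken the interpolated statement (a trailing semicolon, an embedded quote).
// With a bind they just match no row instead of changing or breaking the SQL.
$db = connectOracle();
foreach (['012103', '012103;', "0121'03"] as $input) {
    $rows = readAnexos($db, $input);
    printf("%-10s -> %d row(s)\n", $input, count($rows));
}
oci_close($db);
```

Binding also matters for the performance half of the answer: Oracle caches the parsed plan per statement text, so one bound `... = :id` is reused for every value, whereas each interpolated `... = 012103`, `... = 012104` is a new statement that must be hard-parsed.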
