Passing PHP variables to SQL query in oci_parse

I'm passing PHP variables into an Oracle SQL query, but it's not treating them properly and is giving me ORA errors like "invalid character". I tried escaping the variable to "$sid", which makes the error go away, but the query returns nothing. Is there a way to pass PHP variables to an Oracle query?

if(isset($_POST['action']))
{
   $sid = $_POST['action'];
   $stid = oci_parse($conn, 'SELECT emp from table emp='$sid'');
   oci_execute($stid);
}

For the sake of brevity, I removed the database connection part.

P粉107772015  422 days ago  769


  • P粉262926195

    2023-11-05 11:26:35

    'SELECT emp from table emp=\'$sid\'' is a string that you pass to Oracle exactly as-is, which is why it doesn't work.

    You need to bind the placeholder to a PHP variable using oci_bind_by_name.

    Example:

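    $variable = 42;
    // :num is a placeholder; the SQL text must not end with a semicolon,
    // which OCI8 rejects for plain SQL statements.
    $stid = oci_parse($conn, 'SELECT col_name FROM tbl_name WHERE col_name > :num');
    // Bind the PHP variable to the placeholder, then execute.
    oci_bind_by_name($stid, ":num", $variable);
    oci_execute($stid);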

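The asker's POST lookup rewritten with a bind variable, error checks and a fetch loop, as an added example that is not part of the original thread. The function name `find_emp_by_id`, the table and column names (`emp_table`, `emp_id`, `emp_name`) and the rule that the ID is numeric are hypothetical; `$conn` is assumed to be an open OCI8 connection, as in the question.

```php
<?php
// Added example. Names marked "hypothetical" are assumptions, not from the thread.

function find_emp_by_id($conn, $sid): array
{
    // Assumption: IDs are short digit strings. Reject arrays and anything else early.
    if (!is_string($sid) || !preg_match('/^\d{1,10}$/', $sid)) {
        throw new InvalidArgumentException('action must be a numeric ID');
    }

    // The placeholder is not quoted and the statement has no trailing semicolon.
    // Writing '$sid' inside a single-quoted PHP string would send the literal
    // text $sid to Oracle, which is why the original query matched nothing.
    $sql  = 'SELECT emp_name FROM emp_table WHERE emp_id = :sid'; // hypothetical names
    $stid = oci_parse($conn, $sql);
    if ($stid === false) {
        $e = oci_error($conn);
        throw new RuntimeException($e ? $e['message'] : 'oci_parse failed');
    }

    // The value travels separately from the SQL text, so user input is never
    // parsed as SQL and cannot change the statement.
    if (!oci_bind_by_name($stid, ':sid', $sid)) {
        $e = oci_error($stid);
        throw new RuntimeException($e ? $e['message'] : 'oci_bind_by_name failed');
    }

    if (!oci_execute($stid)) {
        $e = oci_error($stid);
        throw new RuntimeException($e ? $e['message'] : 'oci_execute failed');
    }

    // Collect every matching row as an associative array.
    $rows = [];
    while (($row = oci_fetch_assoc($stid)) !== false) {
        $rows[] = $row;
    }
    oci_free_statement($stid);
    return $rows;
}

if (isset($_POST['action'])) {
    $rows = find_emp_by_id($conn, $_POST['action']);
}
```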