使用php搜索oracle数据库 [英] search oracle database using php
问题描述
这里有4个字段,一个是oprid,oprname,empid,另一个字段是email.我想按oprid,oprname,empid或电子邮件进行搜索,但是它不起作用,
Here is 4 fields one is oprid, oprname, empid and another field is email. I want to search by oprid, oprname, empid or email but it doesnt work,
警告:oci_fetch_array():ORA-24374:在获取或执行并获取之前未完成定义
Warning: oci_fetch_array(): ORA-24374: define not done before fetch or execute and fetch
<?php
{
include ('connection.php');
if(isset($_REQUEST['submit'])){
$optid = $_POST['OPRID'];
$optdec = $_POST['OPRDEFNDESC'];
$empid = $_POST['EMPLID'];
$empmail = $_POST['EMAILID'];
$query ="SELECT * FROM OPERATOR WHERE OPRID LIKE '%".$optid."%'
or OPRDEFNDESC LIKE '%".$optdec."%' or EMPLID LIKE '%".$empid."%'
or EMAILID LIKE '%".$empmail."%' ";
}
else{
$query="SELECT * FROM OPERATOR";
$objParse = oci_parse ($ora_conn, $query);
}
?>
<form action="multi.php" method="get" action="<?=$_SERVER['SCRIPT_NAME'];?>">
<table width="500" border="0" align="center">
<tr>
<th>Operator ID
<input name="OPRID" type="text" id="OPRID" value="";>
<tr>
<th>Operator Name
<input name="OPRDEFNDESC" type="text" id="OPRDEFNDESC" value="";>
<tr>
<th>Person ID
<input name="EMPLID" type="text" id="EMPLID" value="";>
<tr>
<th>Email ID
<input name="EMAILID" type="text" id="EMAILID" value="";>
<input type="submit" value="Search"></th>
</tr>
</table>
</form>
<table>
<tr>
<td>Operator ID</td>
<td>Operator Name</td>
<td>Person ID</td>
<td>Email ID</td>
</tr>
<?
while($objResult = oci_fetch_array($objParse, OCI_RETURN_NULLS+OCI_ASSOC))
{
?>
<tr>
<td><div align="center"><?=$objResult["OPRID"];?></div></td>
<td><?=$objResult["OPRDEFNDESC"];?></td>
<td><?=$objResult["EMPLID"];?></td>
<td><div align="center"><?=$objResult["EMAILID"];?></div></td>
<td align="center"><a href="Optr_Edit.php?OprID=<?=$objResult["OPRID"];?>">Edit</a>
</td>
</tr>
<?
}
?>
</table>
<?
oci_free_statement($objParse);
oci_close($ora_conn);
}
?>
</body>
</html>
推荐答案
必须先执行查询,然后才能尝试获取行. oci_parse()
不执行给定的查询.
The query must be executed before you can try to fetch rows. oci_parse()
does not execute the given query.
在获取之前添加执行调用:
Add the execute call before you fetch:
$success = oci_execute($objParse);
此外,在if
的第一段中,您不会调用oci_parse()
.它仅在else
中调用.更改为在所有情况下都拨打oci_parse()
.
Also, in the first block of your if
, you don't call oci_parse()
. It's only called in the else
. Change to call oci_parse()
for all conditions.
您的查询容易受到SQL注入的攻击,因为您将原始POST数据连接到其中.为防止SQL注入,请使用绑定参数:
Your query is vulnerable to SQL Injection because you concatenate raw POST data into it. To prevent SQL Injection, use bound parameters:
$optid = '%' . $_POST['OPRID'] . '%';
$optdec = '%' . $_POST['OPRDEFNDESC']. '%';
$empid = '%' . $_POST['EMPLID']. '%';
$empmail = '%' . $_POST['EMAILID']. '%';
$query ="SELECT * FROM OPERATOR WHERE OPRID LIKE :optid
or OPRDEFNDESC LIKE '%:optdec%' or EMPLID LIKE :empid
or EMAILID LIKE :empemail ";
$objParse = oci_parse ($ora_conn, $query);
oci_bind_by_name($objParse, ':optid', $optid);
oci_bind_by_name($objParse, ':optdec', $optdec);
oci_bind_by_name($objParse, ':empid', $empid);
oci_bind_by_name($objParse, ':empemail', $empemail);
$success = oci_execute($objParse);
这篇关于使用php搜索oracle数据库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!