使用php搜索oracle数据库 [英] search oracle database using php

问题描述

这里有4个字段，一个是oprid，oprname，empid，另一个字段是email.我想按oprid，oprname，empid或电子邮件进行搜索，但是它不起作用，

Here is 4 fields one is oprid, oprname, empid and another field is email. I want to search by oprid, oprname, empid or email but it doesnt work,

警告:oci_fetch_array():ORA-24374:在获取或执行并获取之前未完成定义

Warning: oci_fetch_array(): ORA-24374: define not done before fetch or execute and fetch

  <?php
   {
   include ('connection.php');
   if(isset($_REQUEST['submit'])){

  $optid = $_POST['OPRID'];
  $optdec = $_POST['OPRDEFNDESC'];
  $empid = $_POST['EMPLID'];
  $empmail = $_POST['EMAILID'];
   $query ="SELECT  * FROM OPERATOR WHERE OPRID LIKE '%".$optid."%'  
        or OPRDEFNDESC LIKE '%".$optdec."%' or EMPLID LIKE '%".$empid."%'
        or EMAILID LIKE '%".$empmail."%' "; 

        }
   else{
$query="SELECT * FROM OPERATOR";
$objParse = oci_parse ($ora_conn, $query);
   }
   ?>

<form action="multi.php" method="get" action="<?=$_SERVER['SCRIPT_NAME'];?>">
 <table width="500" border="0" align="center">  
<tr>  
 <th>Operator ID
   <input name="OPRID" type="text" id="OPRID" value="";>  
  <tr>  
 <th>Operator Name
 <input name="OPRDEFNDESC" type="text" id="OPRDEFNDESC" value="";>  
 <tr>  
  <th>Person ID
  <input name="EMPLID" type="text" id="EMPLID" value="";>  
   <tr>  
  <th>Email ID
   <input name="EMAILID" type="text" id="EMAILID" value="";>  
  <input type="submit" value="Search"></th>  
   </tr>  
   </table>  
  </form> 
  <table>
   <tr>
    <td>Operator ID</td>
    <td>Operator Name</td>
    <td>Person ID</td>
     <td>Email ID</td>
  </tr>
 <?  

 while($objResult = oci_fetch_array($objParse, OCI_RETURN_NULLS+OCI_ASSOC)) 
 {  
?>  
<tr>  
<td><div align="center"><?=$objResult["OPRID"];?></div></td>  
 <td><?=$objResult["OPRDEFNDESC"];?></td>  
  <td><?=$objResult["EMPLID"];?></td>  
 <td><div align="center"><?=$objResult["EMAILID"];?></div></td> 
 <td align="center"><a  href="Optr_Edit.php?OprID=<?=$objResult["OPRID"];?>">Edit</a>              

</td> 
 </tr>  
 <?  
  }  
 ?>  
 </table>  
   <?  
oci_free_statement($objParse);
 oci_close($ora_conn); 
 }
 ?>  
 </body>  
 </html> 

推荐答案

必须先执行查询，然后才能尝试获取行. oci_parse()不执行给定的查询.

The query must be executed before you can try to fetch rows. oci_parse() does not execute the given query.

在获取之前添加执行调用:

Add the execute call before you fetch:

$success = oci_execute($objParse);

此外，在if的第一段中，您不会调用oci_parse().它仅在else中调用.更改为在所有情况下都拨打oci_parse().

Also, in the first block of your if, you don't call oci_parse(). It's only called in the else. Change to call oci_parse() for all conditions.

您的查询容易受到SQL注入的攻击，因为您将原始POST数据连接到其中.为防止SQL注入，请使用绑定参数:

Your query is vulnerable to SQL Injection because you concatenate raw POST data into it. To prevent SQL Injection, use bound parameters:

$optid = '%' . $_POST['OPRID'] . '%';
$optdec = '%' . $_POST['OPRDEFNDESC']. '%';
$empid = '%' . $_POST['EMPLID']. '%';
$empmail = '%' . $_POST['EMAILID']. '%';

$query ="SELECT  * FROM OPERATOR WHERE OPRID LIKE :optid  
    or OPRDEFNDESC LIKE '%:optdec%' or EMPLID LIKE :empid
    or EMAILID LIKE :empemail "; 

$objParse = oci_parse ($ora_conn, $query);

oci_bind_by_name($objParse, ':optid', $optid);
oci_bind_by_name($objParse, ':optdec', $optdec);
oci_bind_by_name($objParse, ':empid', $empid);
oci_bind_by_name($objParse, ':empemail', $empemail);

$success = oci_execute($objParse);

这篇关于使用php搜索oracle数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！