I'm using PHP to insert URLs into Oracle.
I'm having a problem inserting URLs in this format in the column ENDPOINT: http://lx2939:37080/Cougar/prod/api
It's saved in this format in the database: http://lx2939?/Cougar/prod/api
This is the PHP code I'm using:
$query = "INSERT INTO RECENTTESTS
(EMAIL, FILENAME, SOR, RECIPIENTS, LAUNCHALL,
ENDPOINT, ORGOID, ASSOCIATEOID, ROLECODE, REALM, CONSUMERAPPOID)
VALUES ('" . $email . "', '" . $fileNameInput . "', '" . $sor . "',
'" . $recipients . "', '" . $launchAll . "','" . $endpoint . "',
'" . $orgOID . "','" . $associateOID . "','" . $rolecode . "',
'" . $realm . "','" . $consumeOID . "')";
$stid = oci_parse($conn, $query);
oci_execute($stid);
Could you please help me with this issue?
PS: When I execute the query directly in Oracle it works as expected.
You could fix 2 issues in one here.
Using a prepared parameterised query would almost definitely fix the issue you are having with the conversion of :37080 to a ? and also remove the likely SQL injection issues in your code.
$query = "INSERT INTO RECENTTESTS
(EMAIL, FILENAME, SOR, RECIPIENTS, LAUNCHALL,
ENDPOINT, ORGOID, ASSOCIATEOID, ROLECODE, REALM, CONSUMERAPPOID)
VALUES (:EMAIL, :FILENAME, :SOR, :RECIPIENTS, :LAUNCHALL,
:ENDPOINT, :ORGOID, :ASSOCIATEOID, :ROLECODE, :REALM,
:CONSUMERAPPOID)";
$stid = oci_parse($conn, $query);
oci_bind_by_name($stid, ":EMAIL", $email);
oci_bind_by_name($stid, ":FILENAME", $fileNameInput);
oci_bind_by_name($stid, ":SOR", $sor);
oci_bind_by_name($stid, ":RECIPIENTS", $recipients);
oci_bind_by_name($stid, ":LAUNCHALL", $launchAll);
oci_bind_by_name($stid, ":ENDPOINT", $endpoint);
oci_bind_by_name($stid, ":ORGOID", $orgOID);
oci_bind_by_name($stid, ":ASSOCIATEOID", $associateOID);
oci_bind_by_name($stid, ":ROLECODE", $rolecode);
oci_bind_by_name($stid, ":REALM", $realm);
oci_bind_by_name($stid, ":CONSUMERAPPOID", $consumeOID);
oci_execute($stid);
You may also find it useful to read a little about catching and processing errors: https://docs.oracle.com/cd/E17781_01/appdev.112/e18555/ch_seven_error.htm#TDPPH165
Related
I am a beginner programmer trying to insert the now() value into my field date. I have achieved this before and copied the structure word by word but it still does not work. I have also viewed other Stack Overflow questions and I think that my database structure is correct. Here is the INSERT PHP code:
try{
$conn = new mysqli("xxxxx", "xxxxx", "xxxxxxxx", "xxxxxxx");
$userid = $_GET['userid'];
$title = $_GET['title'];
$comment = $_GET['comment'];
$query = "INSERT into enquiries (userid, title, comment, Resolved, date)
values ('" . addslashes($userid) . "','" . addslashes($title) . "','" . addslashes($comment) . "', N, now() )";
$result = $conn->query($query);
if (!$result){
$json_out = "[" . json_encode(array("result"=>0)) . "]";
}
else {
$json_out = "[" . json_encode(array("result"=>1)) . "]";
}
echo $json_out;
$conn->close();
}
This code worked and inserted values before I added now().
Here is my table structure:
Here is my other table structure that inserted now() just fine:
Your "Resolved" value needs to be in quotes, because you have it defined as a varchar. This would be the case for any of the "char" family of datatypes.
$query = "INSERT into enquiries (userid, title, comment, Resolved, date)
values ('" . addslashes($userid) . "','" . addslashes($title) . "','" . addslashes($comment) . "', 'N', now() )";
Hope this helps!
Sometimes the database has some restrictions. So try using NOW() rather than now(), or else use CURDATE().
I am trying to run a MySQL insert statement like so:
function insertAppointment($connection, $id, $firstname, $lastname, $email, $phone, $date, $time){
    $sql = "INSERT INTO `appointments` (firstname, lastname, email, phone, app_date, app_time) VALUES ('" . $id . "', '" . $firstname . "', '" . $lastname . "', '" . $email . "', " . $date . ", " . $time . ")";
    $connection->query($sql);
}
$connection is my connection string, which is not the problem. I am able to use it for select statement like so:
function getTakenDates($connection){
    $query = mysqli_query($connection, "SELECT app_date, app_time FROM `appointments`");
    $results = array();
    while($row = mysqli_fetch_assoc($query)){
        $results[] = $row;
    }
    return $results;
}
You are vulnerable to SQL injection attacks, and are creating an incorrect query with your $date/$time values:
INSERT .... VALUES (..., 2014-11-10, 14:58:00)
Since your date value is unquoted, you'll actually be trying to insert the result of that math operation (remember - is SUBTRACTION if it's not in a string), and 14:58:00 is a totally invalid number - MySQL has no idea what those : chars are.
You want
$sql = "[..snip..] "', '" . $date . "', '" . $time . "')";
^-------------^--^-------------^----
instead. Note the extra quotes. That'll produce
INSERT .... VALUES (..., '2014-11-10', '14:58:00')
I am trying to get POST'ed form variables and mySQL is throwing an error when trying to insert them. I can't figure for the life of me why. Hopefully someone can help out.
function submitFound(){
global $dbc;
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
$query =
"INSERT INTO found1
(fname, lname, email, phone, name, color, make, model, sizes, info, location)
VALUES
(" .
mysql_real_escape_string($_POST['fname']) . "," .
mysql_real_escape_string($_POST['lname']) . "," .
mysql_real_escape_string($_POST['email']) . "," .
mysql_real_escape_string($_POST['phone']) . "," .
mysql_real_escape_string($_POST['name']) . "," .
mysql_real_escape_string($_POST['color']) . "," .
mysql_real_escape_string($_POST['make']) . "," .
mysql_real_escape_string($_POST['model']) . "," .
mysql_real_escape_string($_POST['size']) . "," .
mysql_real_escape_string($_POST['info']) . "," .
mysql_real_escape_string($_POST['location']). ")";
$results = mysqli_query($dbc, $query);
check_results($results);
//return $mysqli_insert_id($dbc);
mysqli_free_result($results);
}
}
That is the function that is submitting the information. (Generic information about an item.) This is the MySQL error getting thrown.
MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '#gmail.com,444-444-4444,Book,#000040,NA,NA,Large,Nothing special,Byrne House)' at line 4
This is what I input in the form. http://puu.sh/8l35Z.png
So yeah, any help would be great. Not sure if it is just something stupid. My eyes are starting to cross :P
Thanks in advance.
EDIT*
Fixed the Strings but am still getting an error:
New Code:
$query =
"INSERT INTO found1
(fname, lname, email, phone, name, color, make, model, sizes, info, location)
VALUES
('" .
mysql_real_escape_string($_POST['fname']) . "','" .
mysql_real_escape_string($_POST['lname']) . "','" .
mysql_real_escape_string($_POST['email']) . "','" .
mysql_real_escape_string($_POST['phone']) . "','" .
mysql_real_escape_string($_POST['name']) . "','" .
mysql_real_escape_string($_POST['color']) . "','" .
mysql_real_escape_string($_POST['make']) . "','" .
mysql_real_escape_string($_POST['model']) . "','" .
mysql_real_escape_string($_POST['size']) . "','" .
mysql_real_escape_string($_POST['info']) . "','" .
mysql_real_escape_string($_POST['location']). "')'";
MySQL error: MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 4
As John Conde mentioned, you need to add quotes around your values, your error message shows this.
#gmail.com,444-444-4444,Book,#000040,NA,NA
Notice the missing quotes, it should look like this
'#gmail.com','444-444-4444','Book','#000040','NA','NA'
Try this
VALUES
('" .
mysql_real_escape_string($_POST['fname']) . "','" .
mysql_real_escape_string($_POST['lname']) . "','" .
mysql_real_escape_string($_POST['email']) . "','" .
For example:
array('u_ad'=>'example name','u_mail'=>'example#mail.com','u_sifre'=>'exapmlepass')
Required query:
$sql = "INSERT INTO uyeler
(u_ad,u_mail,u_sifre)
VALUES
('example name','example#mail.com','examplepass')";
How do I do that?
$sql = "INSERT INTO uyeler (". implode(",", array_keys($array)) .") VALUES ('". implode("','", $array) ."')";
Quick/dirty/unsafe:
$sql = "INSERT INTO uyeler (u_ad,u_mail,u_sifre) VALUES ('" . $theArray['u_ad'] . "','" . $theArray['u_mail'] . "','" . $theArray['u_sifre'] . "')";
Better:
$ad = mysql_real_escape_string($theArray['u_ad']);
$mail = mysql_real_escape_string($theArray['u_mail']);
$sifre = mysql_real_escape_string($theArray['u_sifre']);
$sql = "INSERT INTO uyeler (u_ad,u_mail,u_sifre) VALUES ('" . $ad . "','" . $mail . "','" . $sifre . "')";
Don't mess around with escaping! You should be using prepared statements where possible, and using PDO is a good way to do it.
See:
Why you Should be using PHP’s PDO for Database Access
ext/mysqli: Part I - Overview and Prepared Statements
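The prepared-statement approach recommended above, applied to the array-to-INSERT question, as an added example that is not code from any of the posts. It assumes PDO with an in-memory SQLite database standing in for MySQL; `insertUye()`, `ALLOWED_COLUMNS` and the sample row are constructed for illustration. Column names are checked against an allow-list because identifiers, unlike values, cannot be bound as parameters.

```php
<?php
// Added example, not from the thread. insertUye() and ALLOWED_COLUMNS are
// hypothetical names; SQLite in memory stands in for the MySQL database.
const ALLOWED_COLUMNS = ['u_ad', 'u_mail', 'u_sifre'];

function insertUye(PDO $pdo, array $row): int
{
    // Identifiers cannot be bound, so array keys are checked against a
    // fixed allow-list before they are placed into the SQL text.
    $unknown = array_diff(array_keys($row), ALLOWED_COLUMNS);
    if ($row === [] || $unknown !== []) {
        throw new InvalidArgumentException(
            'Empty row or unexpected columns: ' . implode(', ', $unknown)
        );
    }

    $params = [];
    foreach ($row as $col => $value) {
        $params[':' . $col] = $value;   // values travel separately from the SQL
    }
    $sql = 'INSERT INTO uyeler (' . implode(', ', array_keys($row)) . ') VALUES ('
         . implode(', ', array_keys($params)) . ')';

    $pdo->prepare($sql)->execute($params);
    return (int) $pdo->lastInsertId();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE uyeler (id INTEGER PRIMARY KEY, u_ad TEXT, u_mail TEXT, u_sifre TEXT)');

// Constructed sample row; the name contains a quote that would break the
// implode()-based query. The password is hashed before it is stored.
insertUye($pdo, [
    'u_ad'    => "Example O'Name",
    'u_mail'  => 'example@mail.example',
    'u_sifre' => password_hash('examplepass', PASSWORD_DEFAULT),
]);
echo $pdo->query('SELECT u_ad FROM uyeler')->fetchColumn(), "\n";

// A key that is not an allowed column is rejected before any SQL is built.
try {
    insertUye($pdo, ['u_ad' => 'x', 'is_admin' => '1']);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```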
I'm looking to use SELECT LAST_INSERT_ID()
I am using a form to have a user input values. With the first insert I need to get the last inserted id for the next insert... I have not figured out how to get the last selected id and then pass it into my 2nd insert statement.
I have updated my code, though I still cannot get the id to post into the table.
include("config.inc.php");
$link = mysql_connect($db_host,$db_user,$db_pass);
if(!$link) die ('Could not connect to database: '.mysql_error());
mysql_select_db($db_name,$link);
$query = "INSERT into `".$db_table."` (producer_id,series_id,lang_id,title_name,title_public_access) VALUES ('" . $_POST['producer_id'] . "','" . $_POST['series_id'] . "','" . $_POST['lang_id'] . "','" . $_POST['title_name'] . "','" . $_POST['title_public_access'] . "')";
$last_id = mysql_insert_id();
$query = "INSERT into `".$db_table2."` (seg_id, file_video_UNC,file_video_URL) VALUES ('" . '$last_id' . "','" . $_POST['file_video_UNC'] . "','" . $_POST['file_video_URL'] . "')";
mysql_query($query);
mysql_close($link);
There's a function for that, called mysql_insert_id().
... first query here ...
$last_id = mysql_insert_id();
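// String values must be escaped and quoted; the numeric id can be used as-is.
$sql = "INSERT INTO $db_table SET
file_video = '" . mysql_real_escape_string($_POST['file_video_UNC']) . "',
file_video_URL = '" . mysql_real_escape_string($_POST['file_video_URL']) . "',
insert_id_of_first_query = $last_id";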
...
Your updated code doesn't send the query to database - as a result no INSERT, so no LAST_INSERT_ID
$query = "INSERT into ".$db_table."
(producer_id,series_id,lang_id,title_name,title_public_access) VALUES
('" . $_POST['producer_id'] . "','"
. $_POST['series_id'] . "','"
. $_POST['lang_id'] . "','" . $_POST['title_name'] . "','"
. $_POST['title_public_access'] . "')";
mysql_query($query); /* YOU FORGOT THIS PART */
$last_id = mysql_insert_id();
You can't just dump a query into a string on its own in a line of PHP. You should have used LAST_INSERT_ID() inside your second query or, better, use PHP's mysql_insert_id() function which wraps this for you in the API.
In the line:
$query = "INSERT into `".$db_table2."` (seg_id, file_video_UNC,file_video_URL) VALUES ('" . '$last_id' . "','" . $_POST['file_video_UNC'] . "','" . $_POST['file_video_URL'] . "')";
I think VALUES ('" . '$last_id' . "', should just be VALUES ('" . $last_id . "', without the single quotes around the variable.
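The two dependent inserts discussed in this thread, written with bound parameters and a transaction, as an added example that is not code from any of the posts. It assumes PDO with an in-memory SQLite database standing in for MySQL; the table names `titles` and `segments`, the function `saveTitle()` and the input values are hypothetical, while the column names are the ones from the question.

```php
<?php
// Added example. Assumptions: in-memory SQLite stands in for MySQL; the table
// names `titles` and `segments` and saveTitle() are hypothetical.
function saveTitle(PDO $pdo, array $in): int
{
    $pdo->beginTransaction();
    try {
        $first = $pdo->prepare(
            'INSERT INTO titles
                 (producer_id, series_id, lang_id, title_name, title_public_access)
             VALUES (:producer_id, :series_id, :lang_id, :title_name, :title_public_access)'
        );
        foreach (['producer_id', 'series_id', 'lang_id', 'title_name', 'title_public_access'] as $k) {
            $first->bindValue(':' . $k, $in[$k] ?? null);
        }
        $first->execute();
        // The id is read only after the first INSERT has actually executed.
        $lastId = (int) $pdo->lastInsertId();

        $second = $pdo->prepare(
            'INSERT INTO segments (seg_id, file_video_UNC, file_video_URL)
             VALUES (:seg_id, :unc, :url)'
        );
        $second->execute([
            ':seg_id' => $lastId,
            ':unc'    => $in['file_video_UNC'] ?? null,
            ':url'    => $in['file_video_URL'] ?? null,
        ]);
        $pdo->commit();
        return $lastId;
    } catch (Throwable $e) {
        $pdo->rollBack();   // neither row is kept if either INSERT fails
        throw $e;
    }
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE titles (id INTEGER PRIMARY KEY, producer_id, series_id, lang_id, title_name, title_public_access)');
$pdo->exec('CREATE TABLE segments (seg_id INTEGER, file_video_UNC TEXT, file_video_URL TEXT)');

// Constructed input standing in for $_POST.
$id = saveTitle($pdo, [
    'producer_id' => '7', 'series_id' => '3', 'lang_id' => '1',
    'title_name' => "Director's cut", 'title_public_access' => '1',
    'file_video_UNC' => '\\\\fileserver\\video\\a.mp4',
    'file_video_URL' => 'http://media.example/a.mp4',
]);
print_r($pdo->query('SELECT * FROM segments')->fetchAll(PDO::FETCH_ASSOC));
```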