We Keep Coding

oci_bind_by_name not working when unescaped works

Working on an UPDATE query for an Oracle database. The field in question is of the type NCHAR(25), which accepts a 25 character UTF-8 byte string. My input values are in ASCII which should work no problem.
The following snippet uses the oci_bind_by_name function to escape the variable in the WHERE clause and insert into the placeholder variable :herp.
$sql = "UPDATE MYTABLE SET OPT = '1' WHERE FIELD = :herp";
$stmt = oci_parse($this->conn, $sql);
oci_bind_by_name($stmt, ":herp", $record['value'], -1, SQLT_CHR);
This next snippet does not use the oci_bind_by_name function and instead inserts the variable into the SQL statement unescaped (YOLO).
$sql = "UPDATE MYTABLE SET OPT = '1' WHERE FIELD = '".$record['value']."'";
$stmt = oci_parse($this->conn, $sql);
My problem
The first snippet does not work, while the second one works fine, i.e. the UPDATE statement succeeds every time on the second method while it fails every time on the first.
Both versions of the UPDATE should work. However when I use the oci_bind_by_name function for a few fields, somehow the variable is getting changed. (I am doing more rigorous error checking in the actual code).
My question
What is going on here? How can I still use the oci_bind_by_name instead of just concatenating the variable directly into the SQL statement?

Per the developers:
Neither PHP OCI8 or PDO_OCI support NVARCHAR, NCHAR or NCLOB types.

MySQL query working in phpmyadmin but not in php

I want to select data from a table in MySQL.
My code in php:
$conn = mysqli_connect($db_server, $db_benutzer, $db_passwort, $db_name);
$results= mysqli_query($conn, "SELECT * FROM `test` WHERE russia = 'привет'");
if(mysqli_num_rows($results) > 0) {
echo "Results";
}
else {
echo "No results";
}
mysqli_close($conn);
Here I'm getting "No results". But when I run the SELECT-code directly in phpmyadmin i get a result.
What's wrong?
Thank you

You have cyrillic characters in your query, so it may be necessary to set mySQL connection encoding. If you are using utf-8, insert following line after mysqli_connect:
mysqli_query($conn, "SET NAMES 'utf8'");
Or if your script is saved in windows-1251, use the following: mysqli_query($conn, "SET NAMES 'cp1251'");
For more information about connection character sets and encodings please see the manual
And why does the query work in phpMyAdmin? Because it probably sets encoding for you in the background.

You won't get 0 results in any way,you either get results or no results.
2.try removing the quotes from the table name
Check for any Encoding issues with the connection encoding and that the data on the value of column russia is parsed as something else.
Try executing the following query before executing your main query
mysqli_query($conn,"SET character_set_results='utf8',character_set_client='utf8',character_set_connection='utf8',character_set_database='utf8',character_set_server='utf8'");
The problems arise if there are Encoding issues in the connection.

MySQL Table Update Error

I'm almost sorry to ask this question but I'm drawing a complete blank. I'm getting the following error:
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE number='7'' at line 1"
It seems whenever I try to use just an integer in the following code, I get the syntax error;
$go = mysql_query("UPDATE $db1 SET count='$t1c', WHERE number='$input2'") or die(mysql_error());
As you can see the page gets the value, that's not the issue.. it just doesn't seem to like the WHERE = 7 part. I've tried with and without the quote marks, I've tried changing that column in the table from a int to a varchar. Still get the same thing yet the code BEFORE this piece that runs:
$check1 = mysql_query("SELECT * FROM $db1 WHERE number='$input2'");
Run's absolutely fine. It finds the value where number equals $input2...
Can someone help me PLEASE? I'm drawing a complete blank here :/

Remove the , in the query:
mysql_query("UPDATE $db1 SET count='$t1c' WHERE number='$input2'");

Remove comma(,) which is placed before WHERE in UPDATE query
$go = mysql_query("UPDATE $db1 SET count='$t1c' WHERE number='$input2'") or die(mysql_error());

Change
"UPDATE $db1 SET count='$t1c', WHERE number='$input2'"
to
"UPDATE $db1 SET count='$t1c' WHERE number='$input2'"
The comma shouldn't be there (before WHERE) and is causing an error.

number is a reserved word in mysql sql
it is better not to name columns with that words or you need to backtick them in query
example:
`number`=3
mysql reserved words

empty result from mysql with “\” and “-” in query

i have SQL query :
SELECT count(art),art,art_manufacturer,group_manufacturer
FROM goods
WHERE art_manufacturer = 'ГКБ-44/150'
when i using phpMyAdmin, result of query is:
1, 950000258, ГКБ-44/150, Интерскол
my php file contain:
$art="ГКБ-44/150";\\debug
$query = "SELECT art,art_manufacturer,group_manufacturer FROM goods WHERE art_manufacturer = '".$art."'";
$sql = mysql_query($query);
while ($recResult = mysql_fetch_array($sql))
{ \*do somting*\ }
where is my mistake? why the result of query in php is empty?
my solution
i had mysql_query("SET NAMES cp1251"); in my code
when i start use mysqli i commented mysql_query("SET NAMES cp1251");
mistakenly i thought mysqli is solution, after i discommented mysql_query("SET NAMES cp1251"); i got problem again.
So what's happend?
my PHP file in UTF-8 and when i use mysql_query("SET NAMES cp1251"); i had SELECT art,art_manufacturer,group_manufacturer FROM goods WHERE art_manufacturer = "ГКБ-44/150"; query to mysql DB

It's empty because these are specially reserved characters interpreted by PHP/SQL. I would suggest you take a look at parameterised queries or PDO, they will escape strings for you as part of their function.
EDIT: Also it could be that the encoding of your server doesn't accept Unicode characters. I would ensure your site is using UTF-8.

You should stop using mysql_* functions they are deprecated for a long time.
Use mysqli or PDO and bind parameters to the query not concatenate the query string with some not prepared php variables.
So just to help you pass over the issue this time you can:
$query = "SELECT art,art_manufacturer,group_manufacturer
FROM goods
WHERE art_manufacturer = '".mysql_real_escape_string($art)."'";

Put large text into DB2 table in php

I've got a table with Clob field (is there any other data types in IBM DB2 to store text in it?). So, i have an article (html+css+text). I used htmlspecialchars($text) to prepare the text.
Then I do next thing:
$query="update tbl_lang_text set text='$text' where ownerid=$id and lang like '$lng' and type=1";
$stmt = db2_prepare($this->conn, $query);
$result = db2_execute($stmt);
So i got an error. something like: the query is too big. So. how can i update my field with such a large text?
P.S.: An test article contains 28 154 characters with spaces.

A CLOB column can take up to 2 147 483 647 characters, so it is unlikely that this is what is causing the error.
What could be problem (and even if it's not you should fix it), is that you are not escaping the input at all. Using prepared statements (i.e.: db2_prepare) is good, but you still need to use parameters and values to have your data escaped:
$query = "update tbl_lang_text set text=?".
"where ownerid=? and lang like ? and type=1";
$stmt = db2_prepare($this->conn, $query);
$result = db2_execute($stmt, array($text, $id, $lng));
It is very likely that $text contains at least an apostrophe ' and that your query fails because of it.