$ten_desc=$_REQUEST['frm_num'];
$sql = "select * from TENDER_REG where TENDER_DESC LIKE:ten_desc%'";
$stmt=oci_parse($conn,$sql);
oci_bind_by_name($stmt,':ten_desc',$ten_desc);
displaying error please help
The SQL query string will likely confuse PHP and ORACLE. The following will make more sense to both. 1) there is one clear placeholder in the query string. 2) the value passed is complete.
Untested:
replace:
$sql = "select * from TENDER_REG where TENDER_DESC LIKE:ten_desc%'";
with:
$sql = "select * from TENDER_REG where TENDER_DESC LIKE :ten_desc";
and:
oci_bind_by_name($stmt,':ten_desc',$ten_desc);
with:
oci_bind_by_name($stmt,':ten_desc', $ten_desc .'%');
Related
I'm new to laravel and I cant seem to run this query in laravel.
SELECT * INTO tmp.dbo.dataset_15112022_124949 FROM tmp.dbo.dataset;
I have tried the following without any success
$archive_db = "SELECT * INTO tmp.dbo.dataset_15112022_124949 FROM tmp.dbo.dataset" ;
config(['database.connections.sqlsrv.database' => 'tmp']);
DB::connection('sqlsrv')->raw($archive_db);
Any help would be highly apreciated.
With the following code you will get a PDO instance:
DB::connection('sqlsrv')->getPDO();
So you can execute a raw query with the following code:
$sql = "SELECT * INTO tmp.dbo.dataset_15112022_124949 FROM tmp.dbo.dataset;";
DB::connection('sqlsrv')->getPDO()->query($sql);
Another approach is DB::statement($sql);
$sql = "SELECT * INTO tmp.dbo.dataset_15112022_124949 FROM tmp.dbo.dataset;";
DB::connection('sqlsrv')->statement($sql);
I want try to execute my query in PHP 7
$sql ="SELECT * from order_details where order_id = '".$order_number."'
AND product_id=".$pro['pruduct_id'].";
$select = mysqli_query($connection,trim($sql)) or die("Query(Get Shipments) is not executed.");
I got following type of string at the start of SQL query and my sql query is not execute due to added that kind of string. I have also used trim() and string replace function but SQL query is not execute.
That is becuase you have syntax error there
try this :
$sql ="SELECT * from order_details where order_id = '".$order_number."' AND product_id='".$pro['pruduct_id']."'";
$select = mysqli_query($connection, trim($sql)) or die("Query(Get Shipments) is not executed.");
I am trying to make a web application and I would like to search in a mysql database with a php script.
But my code does not work as expected.
Here is my code:
$search=$_POST['search'];
$sql_cautare="SELECT * FROM carti WHERE titlu = "$search"";
I have search form..and I want to select those values that are entered in the search form.
Can anyone help me?
Try this one
$sql_cautare = $conn->prepare("SELECT * FROM carti WHERE titlu = ?");
$sql_cautare->bind_param('s', $search);
$sql_cautare->execute();
The following should work:
$sql_cautare = "SELECT * FROM carti WHERE titlu = '$search'";
But you should definitly do some input sanitization before using it in SQL!
I really dislike writing SQL queries within my PHP.
Given the following example piece of PHP:
script.php
$name = 'Bill'
$query = "SELECT * FROM a_table WHERE name='$name'";
I'd like to instead write the sql query in it's own file and include (or otherwise) get the contents into my script:
query.sql
SELECT * FROM a_table WHERE name='$name'
script.php
// This doesn't work obviously
$query = '"'.include('query.sql').'"';
Note that I'd like to be able to reference PHP variables within the SQL query (e.g: $name is setup declared in script.php but used as part of the query).
nice and simple solution:
$sql = file_get_contents("query.sql");
And to reference variables, I suggest using PDO where you reference like this
$query = $db->query( "SELECT x FROM x WHERE x = :example")
$query->execute(array("example"=>$value));
...But you can do something similar to this in mysqli, etc.
query.sql:
SELECT * FROM a_table WHERE name=:name
script.php:
$query = file_get_contents('path/to/query.sql');
Then bind the parameters and execute the query.
See How can I prevent SQL-injection in PHP? for why you should bind variables instead of concatenating them into your query string.
I am trying to get some information from my table, but the query returns empty when I call it this way:
$varchar_string = mysqli_real_escape_string($link, $_GET['code']); //the code is b5KlL4znM in this scenario
mysqli_query($link, "SELECT * FROM table WHERE code = $varchar_string");
The string is alphanumeric, and is submitted by users, so I've escaped it before doing the query.
Now if I do this query
mysqli_query($link, "SELECT * FROM table WHERE code = 'b5KlL4znM'");
It works fine, but that's not very dynamic.
I didn't get many results when I searched for this issue, and I didn't manage to find the answer amongst those that seem relevant.
Do you perhaps need to put quotes around your string?
mysqli_query($link, "SELECT * FROM table WHERE code = '$varchar_string'");
You'll need to include the variable in quotations.
mysqli_query($link, "SELECT * FROM table WHERE code = '$varchar_string'");