I am trying to insert a date in Oracle 10g using PHP. This is my query:
$dat='1989-10-21';
$did="0011";
$nam="George";
$sql= "insert into table (did, name, date_of_birth) values (:did,:nam, TO_DATE(:dat,’YYYY-MM-DD’))";
$stmt = oci_parse($conn, $sql);
oci_bind_by_name($stmt, ':did', $did);
oci_bind_by_name($stmt, ':nam', $nam);
oci_bind_by_name($stmt, ':dat', $dat);
$result = oci_execute($stmt);
But it is giving me the following error:
oci_execute() [function.oci-execute]: ORA-00911: invalid character in
C:\Apache2.2\htdocs\new2.php on line 14
I have tried running it without binding but it's still not working. I checked it in SQL*Plus and it's working fine. Please help.
Maybe you can try to quote the first param when using to_date; at least I use it like this:
$date = '2013-11-11';
$sql = "select t.* from my_table t where create_date>to_date('". $date ."','yyyy-mm-dd hh24:mi:ss')";
Perhaps it can give you some ideas.
I am trying to perform an insert with the information from a query on another table, using PHP and MySQL. I know that I have not done the protection against SQL injection correctly; I will solve that at the end. I tell you this because otherwise people only scold and do not contribute. Would you be kind enough to tell me how to use the value obtained from the query? Thank you.
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
include("conection.php");
$credits = mysqli_real_escape_string($con, $_POST['credits']);
$namesec = mysqli_real_escape_string($con, $_POST['namesec']);
$change = mysqli_real_escape_string($con, $_POST['change']);
$stmt = $con->prepare("UPDATE students
SET student_credits = (student_credits + ?)
WHERE student_qr = ?");
$stmt->bind_param("is", $_POST['credits'], $_POST['namesec']);
$stmt->execute();
$insert_query = $con->prepare("INSERT INTO historical_credits (id_students, credits_paid)
SELECT id_students, ?
FROM students
WHERE student_qr = ?"
);
$insert_query->bind_param("is", $_POST['credits'], $_POST['namesec']);
$insert_query->execute();
mysqli_close($con);
?>
I want to use the value of id_student obtained from the query to insert it into a new table
You forgot to call fetch_assoc() to get the row that the query returns.
You also didn't quote $namesec in the SELECT query, so it's getting an error. This wouldn't be a problem if you used a parameter instead of substituting the variable.
But there's no need to do this in two queries. You can give a SELECT query as the source of the data in INSERT.
$insert_query = $con->prepare("
INSERT INTO historical_credits (id_students, credits_paid)
SELECT id_students, ?
FROM students
WHERE student_qr = ?");
$insert_query->bind_param("is", $_POST['credits'], $_POST['namesec']);
$insert_query->execute();
It seems that PDO has a problem with ISO 8601 formatted timestamps.
I'm connecting from 64-bit Ubuntu 16.04 running PHP 7.0.8 using the Microsoft® ODBC Driver 13 (Preview) for SQL Server®
Here's my simple table:
CREATE TABLE dtest (
"stamp" DATETIME
);
Works:
$pdoDB = new PDO('odbc:Driver=ODBC Driver 13 for SQL Server;
Server='.DATABASE_SERVER.';
Database='.DATABASE_NAME,
DATABASE_USERNAME,
DATABASE_PASSWORD
);
$pdoDB->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$sql = "INSERT INTO dtest (stamp) VALUES ('2011-03-15T10:23:01')";
$stmt = $pdoDB->prepare($sql);
$params = [];
$stmt->execute($params);
Does not work:
$sql = "INSERT INTO dtest (stamp) VALUES (?)";
$stmt = $pdoDB->prepare($sql);
$params = ['2011-03-15T10:23:01'];
$stmt->execute($params);
Fatal error: Uncaught PDOException: SQLSTATE[22018]: Invalid character value for cast specification: 0 [Microsoft][ODBC Driver 13 for SQL Server]Invalid character value for cast specification (SQLExecute[0] at /build/php7.0-lPMnpS/php7.0-7.0.8/ext/pdo_odbc/odbc_stmt.c:260)
This works if I delete the T so '2011-03-15T10:23:01' becomes '2011-03-15 10:23:01'
$sql = "INSERT INTO dtest (stamp) VALUES (?)";
$stmt = $pdoDB->prepare($sql);
$params = ['2011-03-15 10:23:01'];
$stmt->execute($params);
But I'm writing a script that runs nightly on about 2 million records, so I'd really rather not bear the overhead of running millions of str_replace('T', ' ', $param)
I've also tried using bindParam, but it gives the same error:
$sql = "INSERT INTO dtest (stamp) VALUES (:tdate)";
$stmt = $pdoDB->prepare($sql);
$date = '2011-03-15T10:23:01';
$stmt->bindParam(':tdate',$date,PDO::PARAM_STR);
$stmt->execute();
Is there any way to bind and execute this parameter as is? I'm a little dubious of the error message because it appears to be coming from SQL Server as if PDO did its job fine, but that doesn't make sense since it's able to handle the type conversion without parameterization.
I've also tried SQL conversion:
Works:
$sql = "INSERT INTO dtest (stamp) VALUES (CONVERT(DATETIME, '2011-03-15T10:23:02', 126))";
$stmt = $pdoDB->prepare($sql);
$params = [];
$stmt->execute($params);
Does not Work:
$sql = "INSERT INTO dtest (stamp) VALUES (CONVERT(DATETIME, ?, 126))";
$stmt = $pdoDB->prepare($sql);
$params = ['2011-03-15T10:23:02'];
$stmt->execute($params);
You will need to use SQL Server's built-in convert() function and specify the format (126) which you are giving it:
$sql = "INSERT INTO dtest (stamp) VALUES (CONVERT(DATETIME, '2011-03-15T10:23:01', 126))";
The documentation mentions :mmm at the end of your string so you might need to manually add :000 at the end of your date string for this to work.
After half a day spent trying to resolve the same issue, I ended up dropping odbc and using dblib instead. I installed the php7.0-sybase package, adapted the data source name of my PDO connection and resolved it once and for all.
Now every bind is working.
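One way to handle the `T` separator for a large nightly batch, as an added example (not code from the original posts): validate each ISO 8601 string strictly, emit the space-separated form that the parameterized insert accepted above, and reuse one prepared statement inside a transaction. It assumes PDO with an in-memory SQLite database standing in for SQL Server so it runs offline; the function names and input rows are constructed.

```php
<?php
// Added example; SQLite in memory is a stand-in (assumption), input rows are constructed.
function normalizeStamp(string $iso): ?string
{
    $fmt = 'Y-m-d\TH:i:s';
    $dt  = DateTimeImmutable::createFromFormat('!' . $fmt, $iso);
    // createFromFormat() rolls over values such as Feb 30, so require an exact round trip.
    if ($dt === false || $dt->format($fmt) !== $iso) {
        return null;
    }
    return $dt->format('Y-m-d H:i:s');
}

function insertStamps(PDO $pdo, iterable $rows): array
{
    $stmt = $pdo->prepare('INSERT INTO dtest (stamp) VALUES (?)'); // prepared once, executed many times
    $rejected = [];
    $pdo->beginTransaction();
    try {
        foreach ($rows as $raw) {
            $stamp = normalizeStamp($raw);
            if ($stamp === null) {
                $rejected[] = $raw;   // keep for logging instead of sending it to the database
                continue;
            }
            $stmt->execute([$stamp]);
        }
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();             // a failed batch leaves no partial rows behind
        throw $e;
    }
    return $rejected;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE dtest (stamp DATETIME)');

// Constructed rows: one valid stamp, one impossible date, one with trailing text.
$rows = ['2011-03-15T10:23:01', '2011-02-30T10:23:01', "2011-03-15T10:23:01' --"];
$rejected = insertStamps($pdo, $rows);

echo $pdo->query('SELECT COUNT(*) FROM dtest')->fetchColumn(), " inserted\n";
print_r($rejected);
```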
I have this code,
$head_mark = $_POST["headmark"];
$id = $_POST["headmark_id"];
$cuttingUpdateParse = oci_parse($conn, "UPDATE FABRICATION SET CUTTING = $cutting_done
WHERE HEAD_MARK = $head_mark AND ID = $id");
Somehow Oracle doesn't want to accept this kind of code. The message I got from Firebug is
warning:
Warning: oci_execute(): ORA-00904: "TEST1": invalid identifier in C:\xampp\htdocs\WeltesInformationCenter\update_bar\process_class.php on line 33
Please help me with your suggestions. The data type associated with HEAD_MARK is VARCHAR2(15). I am assuming we need to make some kind of string conversion so that Oracle SQL can read it.
As mentioned in my comment, you should use a prepared statement with parameter binding. This avoids the need to manually quote your values as well as providing a safe means to use them without worrying about SQL injection.
For example...
$stmt = oci_parse($conn, 'UPDATE FABRICATION SET CUTTING = :cutting_done
WHERE HEAD_MARK = :head_mark AND ID = :id');
oci_bind_by_name($stmt, ':cutting_done', $cutting_done);
oci_bind_by_name($stmt, ':head_mark', $head_mark);
oci_bind_by_name($stmt, ':id', $id);
oci_execute($stmt);
function DBClosedTicket($TRANSACTIONID,$TRANSACTIONTYPE='')
{
    $CLOSEDATE = DBGetDate(); //ex. value is 2013:01:02 17:03:20
    $strQuery = "UPDATE TBL_TRANSACTION SET TRANSACTION_TYPE = :TRANSACTIONTYPE, CLOSE_DATE = :CLOSEDATE WHERE TRANSACTION_ID = :TRANSACTIONID";
    $stmt = oci_parse(DBConnect(), $strQuery);
    oci_bind_by_name($stmt, ':TRANSACTIONID', $TRANSACTIONID);
    oci_bind_by_name($stmt, ':TRANSACTIONTYPE', $TRANSACTIONTYPE);
    oci_bind_by_name($stmt, ':CLOSEDATE', $CLOSEDATE);
    oci_execute($stmt);
    return $strQuery;
}
No errors and no result. How can I update with a date in Oracle using PHP?
You need to change this statement so that Oracle understands the date format:
$strQuery = "UPDATE TBL_TRANSACTION SET TRANSACTION_TYPE = :TRANSACTIONTYPE, CLOSE_DATE = to_date(':CLOSEDATE', 'RRRR:MM:DD HH24:MI:SS') WHERE TRANSACTION_ID = :TRANSACTIONID";
I hope DBGetDate() returns a string value and data type of CLOSE_DATE is DATE in Oracle db.
If the above change does not work, try replacing single quotes from ':CLOSEDATE'.
Any thoughts on why the query works in SQLDeveloper but in php it doesn't?
$update = " update TABLENAME SET LASTMOD=current_timestamp WHERE TABLE_NAME=$table ";
$stmt = oci_parse($conn, $update);
oci_execute($stmt, OCI_DEFAULT);
oci_free_statement($stmt);
I'm assuming that your variable $table does not include quotes and it must be quoted in the WHERE clause:
$update = " update TABLENAME SET LASTMOD=current_timestamp WHERE TABLE_NAME='$table'";
A call to oci_error() would reveal any syntax errors in your query.
Note also, that according to the documentation, if this is PL/SQL the statement must end in a ; as
$update = " update TABLENAME SET LASTMOD=current_timestamp WHERE TABLE_NAME='$table';";
The statement would be better done as a proper prepared statement though, with bound parameters:
$update = " update TABLENAME SET LASTMOD=current_timestamp WHERE TABLE_NAME=:table;";
$stmt = oci_parse($conn, $update);
oci_bind_by_name($stmt, ':table', $table);
$result = oci_execute($stmt, OCI_DEFAULT);
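if (!$result) {
    // oci_error() returns an array; pass the statement handle to get the execute error
    $e = oci_error($stmt);
    echo $e['message'];
}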
Found the solution. OCI_DEFAULT doesn't commit so I needed to change it to:
oci_execute($stmt, OCI_COMMIT_ON_SUCCESS);
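The difference between the interpolated `TABLE_NAME='$table'` form and the bound `:table` form in this thread, as an added example (not code from the original posts). It assumes PDO with an in-memory SQLite database as a stand-in for Oracle so it runs offline; the function names, rows and input values are constructed.

```php
<?php
// Added example; SQLite in memory stands in for Oracle (assumption), data is constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE TABLENAME (TABLE_NAME TEXT PRIMARY KEY, LASTMOD TEXT)");

function resetRows(PDO $pdo): void
{
    $pdo->exec("DELETE FROM TABLENAME");
    $pdo->exec("INSERT INTO TABLENAME VALUES ('orders', NULL), ('invoices', NULL), ('users', NULL)");
}

// Interpolated form: the value becomes part of the SQL text the database parses.
function touchInterpolated(PDO $pdo, string $table): int
{
    $sql = "UPDATE TABLENAME SET LASTMOD = CURRENT_TIMESTAMP WHERE TABLE_NAME = '$table'";
    return $pdo->exec($sql);          // number of rows changed
}

// Bound form: the SQL text is fixed and the value is sent separately as data.
function touchBound(PDO $pdo, string $table): int
{
    $stmt = $pdo->prepare("UPDATE TABLENAME SET LASTMOD = CURRENT_TIMESTAMP WHERE TABLE_NAME = :table");
    $stmt->execute([':table' => $table]);
    return $stmt->rowCount();
}

// Constructed inputs: a normal name, a name containing a quote, and a value
// whose quote changes the WHERE clause once it is pasted into the SQL text.
$inputs = ["orders", "o'brien", "x' OR '1'='1"];

foreach ($inputs as $input) {
    resetRows($pdo);
    try {
        $interp = touchInterpolated($pdo, $input);
    } catch (PDOException $e) {
        $interp = 'syntax error';     // the stray quote broke the statement
    }
    resetRows($pdo);
    $bound = touchBound($pdo, $input);
    printf("%-16s interpolated: %-12s bound: %d\n", $input, $interp, $bound);
}
```

The interpolated query touches every row for the third input and fails to parse for the second, while the bound query treats both as ordinary values that match no row.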