I am using the following code to generate SQL. I need help removing the ORA-00911 error when using oci_execute().
$sql = "INSERT INTO SUBSTATION VALUES (".
"SEQ_SUBSTATION_FEATURE_ID.NEXTVAL, ".
"'".$_REQUEST['substationName']."', ". // SUBSTATION NAME
"null, ". // SLD_PATH
"null, ". // GEOMETRY
"'".$_REQUEST['substationType']."', ". // SUBSTATION_TYPE
$_REQUEST['capacity'].", ". // CAPACITY
"'".$_REQUEST['address_1']."', ". // ADDRESS_1
"'".$_REQUEST['address_2']."', ". // ADDRESS_2
"'".$_REQUEST['landmark']."', ". // LANDMARK
"'".$_REQUEST['state']."', ". // STATE
"'".$_REQUEST['district']."', ". // DISTRICT
"'".$_REQUEST['pin']."', ". // PIN
$_REQUEST['noOfTransformers'].", ". // NO_OF_TRANSFORMERS
$_REQUEST['noOfLTBreakers'].", ". // NO_OF_LT_BREAKERS
$_REQUEST['noOfHTBreakers'].", ". // NO_OF_HT_BREAKERS
$_REQUEST['noOfHTIsolators'].", ". // NO_OF_HT_ISOLATORS
$_REQUEST['noOfLTBoards'].", ". // NO_OF_LT_BOARDS
"to_date('".$_REQUEST['commissioningDate']."','DD/MM/YYYY'), ". // COMMISSIONING DATE
"'".$_REQUEST['schemeNo']."', ". // SCHEME_NO
"to_date('".$_REQUEST['schemeDate']."','DD/MM/YYYY'), ". // SCHEME_DATE
"'".$_REQUEST['comments']."', ". // COMMENTS
"'N', ". // APPROVED
"null, ". // APPROVER
"null);"; // APPROVED_ON
Here is the generated SQL:
INSERT INTO SUBSTATION VALUES
(SEQ_SUBSTATION_FEATURE_ID.NEXTVAL, 'S/S 3 4400', NULL, NULL, 'D', 5000,
'The Address 1', 'The Address 2', 'The Landmark', '15', '1', '234234',
34, 65, 12, 98, 43,
to_date('01/09/2010','DD/MM/YYYY'), 'Scheme 12345',
to_date('06/10/2010','DD/MM/YYYY'), 'This substation has following assets',
'N', null, null);
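Now, when I run the generated SQL directly in SQL Developer, it works fine. But when I run the query using oci_execute($sql) in PHP, it does not work. While debugging with the following code: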
$st = oci_parse($conn, $sql) or die("<br />Error parsing query. ");
if(!oci_execute($st)){
$err = oci_error($st);
echo $err['message'];
}
it shows the error message:
ORA-00911:非法字符
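Any help, please.
Please use a query with bind parameters instead of concatenated strings: it will make your insert easier to understand, will work when one of your inputs contains a single quote, and will prevent SQL injection. – Codo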
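The bind-parameter form that the comment above recommends, written out for the INSERT in the question. This is an added example, not code from the question or the comment; the function name `insert_substation` is hypothetical, `$conn` is assumed to be an open `oci_connect()` handle, and the counts are assumed to be whole numbers as in the question's sample SQL.

```php
<?php
// Added example. Assumes $conn is an open oci_connect() handle, as in the question,
// and that $in carries the same keys the question reads from $_REQUEST.
function insert_substation($conn, array $in)
{
    // No trailing ';' in the statement text: it is a terminator for SQL Developer
    // and SQL*Plus, and OCI rejects it with ORA-00911.
    $sql = "INSERT INTO SUBSTATION VALUES (
                SEQ_SUBSTATION_FEATURE_ID.NEXTVAL, :substationName, NULL, NULL,
                :substationType, :capacity, :address_1, :address_2, :landmark,
                :state, :district, :pin, :noOfTransformers, :noOfLTBreakers,
                :noOfHTBreakers, :noOfHTIsolators, :noOfLTBoards,
                TO_DATE(:commissioningDate, 'DD/MM/YYYY'), :schemeNo,
                TO_DATE(:schemeDate, 'DD/MM/YYYY'), :comments,
                'N', NULL, NULL)";

    // Fields the question inserts without quotes (numeric columns).
    $numeric = ['capacity', 'noOfTransformers', 'noOfLTBreakers',
                'noOfHTBreakers', 'noOfHTIsolators', 'noOfLTBoards'];
    $text = ['substationName', 'substationType', 'address_1', 'address_2',
             'landmark', 'state', 'district', 'pin', 'commissioningDate',
             'schemeNo', 'schemeDate', 'comments'];

    $st = oci_parse($conn, $sql);
    if ($st === false) {
        throw new RuntimeException(oci_error($conn)['message']);
    }

    foreach (array_merge($numeric, $text) as $name) {
        // A missing field is bound as NULL; everything else is bound as a string.
        $in[$name] = isset($in[$name]) ? (string) $in[$name] : null;
        if ($in[$name] !== null && in_array($name, $numeric, true)
                && !ctype_digit($in[$name])) {
            throw new InvalidArgumentException("$name must be a whole number");
        }
        // oci_bind_by_name() binds by reference, so pass the array element itself,
        // which stays alive until oci_execute() runs.
        oci_bind_by_name($st, ':' . $name, $in[$name]);
    }

    if (!oci_execute($st)) {
        throw new RuntimeException(oci_error($st)['message']);
    }
    oci_free_statement($st);
}

// Usage, with the request data the question already has:
// insert_substation($conn, $_REQUEST);
```

Because the values travel as bind data rather than as SQL text, a single quote in `substationName` or `comments` is stored literally and cannot change the statement.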