
Line 30 is OCI_execute($sql_id, OCI_DEFAULT);

I have an HTML document where a user is asked to input the FirstName, LastName, ArtistID, nationality, DateofBirth. After they input it and submit it, the inputs should be pointed to the PHP document below. I'm not sure why I'm getting the error.

HTML document

```html
<body><center>
<p> This form submits user input to a php script file called OraclePHP-5, the PHP    script inserts a new record into the Artist table and shows a message. </p>
<form name = "form1" method="post" action="OraclePHP-5.php">
<p>Artist First Name:
    <input type="text" name="inputName">
</p>
    <p>Artist Last Name:
    <input type="text" name="inputLName">
</p>
<p>Artist ID:
    <input type="text" name="inputID">
</p>
<p>Nationality:
    <input type="text" name="inputNation">
</p>
<p>Birth Year:
    <input type="text" name="inputYear">
</p>
<p>
    <input type="submit" name="Submit" value="Submit">
</p>
<p>&nbsp;</p>
</form>
<p>&nbsp;</b>
</body>
```

PHP document Error on line 30: OCI_execute($sql_id, OCI_DEFAULT);

```php
<html>
<head>
<title>Class Assignment</title>
<meta http-equiv="Content-Type" content="text/html; charset=big5">
</head>

<body><center>
<?php
putenv("ORACLE_HOME=/export/home/oracle/app/oracle/product/11.1.0/db_1");
putenv("LD_LIBRARY_PATH=/export/home/oracle/app/oracle/product/11.1.0/db_1/lib");
$connection = OCILogon("xxxxxx","xxxxxx","xxxxxx");
if (!$connection) {
    echo "Couldn't make a connection!";
    exit;
}       else {echo "You have connected to the UIS Oracle Database!! <p>";}


$sqlquery = ("Insert INTO ARTIST(FirstName, LastName, ArtistID, nationality, DateofBirth)
 Values('".$inputName."','".$inputLName."',".$inputID.",'".$inputNation."',".$inputYear.")");

$sql_id = oci_parse($connection, $sqlquery);


if (!$sql_id){
$e=oci_error($connection);
print htmlentities($e['message']);
exit;
}

OCI_execute($sql_id, OCI_DEFAULT);
OCI_commit($connection);
OCI_Free_Statement($sql_id);
OCI_Close($connection);
?>
</body>
```
user2214467
  • Which line is line 30? – Andy Lester Apr 08 '14 at 16:36
  • **By building SQL statements with outside variables, you are leaving yourself open to SQL injection attacks.** Also, any input data with single quotes in it, like a name of "O'Malley", will blow up your SQL query. Please learn about using parametrized queries, preferably with the PDO module, to protect your web app. [This question](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has many examples in detail. You can also see http://bobby-tables.com/php for alternatives and explanation of the danger. – Andy Lester Apr 08 '14 at 16:36
  • I understand your sentiment. I agree with you, but this is for a class and is just temporary. It was the code my professor uses. I'm mainly just stumped about the OCI_execute($sql_id, OCI_DEFAULT); error. I don't know why I'm getting it. – user2214467 Apr 08 '14 at 22:18
  • Did you paste the exact error message? Doesn't OCI have some sort of error message from Oracle that you can print? – Andy Lester Apr 09 '14 at 00:51
  • Also, how are your columns defined? Is the year an integer? – Andy Lester Apr 09 '14 at 00:53
  • LastName Char(25 Byte), FirstName Char(25 Byte), ArtistID Number(38,0), Nationality Char(30 Byte), DateofBirth Number(4,0) in Oracle – user2214467 Apr 09 '14 at 04:26
  • Warning: oci_execute() [function.oci-execute]: ORA-00936: missing expression in /home/xxxxxx/public_html/OraclePHP-5.php on line 30 – user2214467 Apr 09 '14 at 04:27
  • Do you think my column definitions would affect the error? – user2214467 Apr 11 '14 at 00:45
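
The parametrized approach recommended in the comments, written with OCI8 bind variables rather than PDO, as an added example (not the asker's or the professor's code): numeric fields are validated before use and every value is bound, so a name like O'Malley is stored as data instead of being parsed as SQL. It assumes the form field names and column definitions shown on this page; `read_artist`, `insert_artist`, the `:p_` bind names, the 0 to 9999 year range and the `ORA_USER`/`ORA_PASS`/`ORA_DSN` environment variables are hypothetical.

```php
<?php
// Added example: assumes the OCI8 extension and the ARTIST columns listed in the comments.
// read_artist(), insert_artist() and the ORA_* variables are hypothetical names.

// Validate form input: numeric columns must be integers, text must fit CHAR(n).
function read_artist(array $post): ?array
{
    $id   = filter_var($post['inputID'] ?? null, FILTER_VALIDATE_INT);
    $year = filter_var($post['inputYear'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 9999]]); // assumed range
    $first  = trim((string)($post['inputName'] ?? ''));
    $last   = trim((string)($post['inputLName'] ?? ''));
    $nation = trim((string)($post['inputNation'] ?? ''));
    if ($id === false || $year === false || $first === '' || $last === ''
        || strlen($first) > 25 || strlen($last) > 25 || strlen($nation) > 30) {
        return null; // reject instead of sending an incomplete statement to Oracle
    }
    return ['first' => $first, 'last' => $last, 'id' => $id,
            'nation' => $nation, 'year' => $year];
}

// Insert with bind variables: the SQL text is constant, values travel separately.
function insert_artist($conn, array $a): bool
{
    $stmt = oci_parse($conn,
        'INSERT INTO ARTIST (FirstName, LastName, ArtistID, Nationality, DateofBirth)
         VALUES (:p_first, :p_last, :p_id, :p_nation, :p_year)');
    if (!$stmt) {
        error_log(oci_error($conn)['message']);
        return false;
    }
    foreach (array_keys($a) as $k) {
        oci_bind_by_name($stmt, ':p_' . $k, $a[$k]); // binds by reference to $a[$k]
    }
    $ok = oci_execute($stmt, OCI_COMMIT_ON_SUCCESS);
    if (!$ok) {
        error_log(oci_error($stmt)['message']); // Oracle's ORA- message, kept out of the page
    }
    oci_free_statement($stmt);
    return $ok;
}

// Constructed sample input; on the real page this array would be $_POST.
$artist = read_artist(['inputName' => 'Sean', 'inputLName' => "O'Malley",
    'inputID' => '17', 'inputNation' => 'Irish', 'inputYear' => '1950']);
$user = getenv('ORA_USER');
if ($artist !== null && $user !== false && function_exists('oci_connect')) {
    $conn = oci_connect($user, getenv('ORA_PASS'), getenv('ORA_DSN'));
    if ($conn) { var_dump(insert_artist($conn, $artist)); oci_close($conn); }
}
```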
