I have this code,

$head_mark = $_POST["headmark"];
$id = $_POST["headmark_id"];

 $cuttingUpdateParse = oci_parse($conn, "UPDATE FABRICATION SET CUTTING = $cutting_done
                                  WHERE HEAD_MARK = $head_mark AND ID = $id");

Somehow Oracle doesn't want to accept this kind of code. The message I got from Firebug is

warning:

Warning: oci_execute(): ORA-00904: "TEST1": invalid identifier in C:\xampp\htdocs\WeltesInformationCenter\update_bar\process_class.php on line 33

Please help me with your suggestion. The data type associated with HEAD_MARK is VARCHAR2(15). I am assuming we need to make some kind of string conversion so that Oracle SQL can read it.

  • The OCI extension supports parameterised statements. Use them. See php.net/manual/function.oci-bind-by-name.php Commented Apr 17, 2014 at 6:33
  • @Daan That's some pretty bad advice Commented Apr 17, 2014 at 6:34
  • @Phil true but works, I'm using OCI PDO at mine works awesome. Commented Apr 17, 2014 at 6:34
  • @Phil parameterised statements doesn't work well with OCI. Commented Apr 17, 2014 at 6:35
  • @ponciste and again, I say total rubbish. You show me how they are "not working properly" and I'll eat my hat. In my 3 years of working with PHP and Oracle via the OCI extension, I never once had a parameterised statement not work. Commented Apr 17, 2014 at 6:46

1 Answer

As mentioned in my comment, you should use a prepared statement with parameter binding. This avoids the need to manually quote your values as well as providing a safe means to use them without worrying about SQL injection.

For example...

$stmt = oci_parse($conn, 'UPDATE FABRICATION SET CUTTING = :cutting_done
                          WHERE HEAD_MARK = :head_mark AND ID = :id');
oci_bind_by_name($stmt, ':cutting_done', $cutting_done);
oci_bind_by_name($stmt, ':head_mark', $head_mark);
oci_bind_by_name($stmt, ':id', $id);
oci_execute($stmt);
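
A fuller version of the bound update, as an added example that is not part of the original answer: it validates the POST fields, binds them, and reads failures from `oci_error()` instead of letting PHP warnings reach the browser. The helper name `update_cutting()` is hypothetical, `$conn` is assumed to come from `oci_connect()`, and ID is assumed to be a positive integer key.

```php
<?php
// Added example. update_cutting() is a hypothetical helper; $conn is assumed
// to be a connection handle from oci_connect().
function update_cutting($conn, array $post, $cuttingDone): int
{
    // HEAD_MARK is VARCHAR2(15) (byte length semantics assumed); ID is
    // assumed to be a positive integer key.
    $headMark = $post['headmark'] ?? '';
    $id = filter_var($post['headmark_id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if (!is_string($headMark) || $headMark === '' || strlen($headMark) > 15
        || $id === false) {
        throw new InvalidArgumentException('malformed headmark or headmark_id');
    }

    // Interpolating $head_mark = "TEST1" into the SQL text produced
    // HEAD_MARK = TEST1; unquoted, Oracle reads TEST1 as a column name,
    // hence ORA-00904. Placeholders keep the SQL text constant.
    $stmt = oci_parse($conn,
        'UPDATE FABRICATION SET CUTTING = :cutting_done
          WHERE HEAD_MARK = :head_mark AND ID = :id');
    if ($stmt === false) {
        $e = oci_error($conn);
        throw new RuntimeException('parse failed: ' . ($e['message'] ?? 'unknown'));
    }

    // Bound values are sent as data and are never parsed as SQL.
    oci_bind_by_name($stmt, ':cutting_done', $cuttingDone);
    oci_bind_by_name($stmt, ':head_mark', $headMark);
    oci_bind_by_name($stmt, ':id', $id);

    // @ suppresses the PHP warning (the one quoted in the question exposes
    // the script path); the error is logged server-side instead.
    if (!@oci_execute($stmt, OCI_NO_AUTO_COMMIT)) {
        $e = oci_error($stmt);
        oci_rollback($conn);
        error_log('FABRICATION update failed: ' . ($e['message'] ?? 'unknown'));
        throw new RuntimeException('update failed');
    }

    $rows = (int) oci_num_rows($stmt);
    oci_commit($conn);
    oci_free_statement($stmt);
    return $rows; // 0 means no row matched HEAD_MARK and ID
}

// Usage: $rows = update_cutting($conn, $_POST, $cutting_done);
```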