Revisions to How can I prevent SQL injection in PHP?

Rewrote code to use non-deprecated functions.

Source Link

edited May 25, 2016 at 13:51

12.9k
3
36
47

There are so many answers for PHP and MySQL, but here is code for PHP and Oracle for preventing SQL injection as well as regular use of oci8 drivers:

$c$conn = oci_connect($userName$username, $password, "(DESCRIPTION=(ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST =$serverName)(PORT = 1521)))(CONNECT_DATA=(SID=$databaseName)))"$connection_string);
$strQuery$stmt = "UPDATEoci_parse($conn, 'UPDATE table SET field = :xx WHERE ID = 123"
$stmt = OCIParse($c, $strQuery123');
 
OCIBindByNameoci_bind_by_name($stmt, ':xx', $fieldval);
 
$ok = OCIExecuteoci_execute($stmt);

There are so many answers for PHP and MySQL, but here is code for PHP and Oracle for preventing SQL injection as well as regular use of oci8 drivers:

$c = oci_connect($userName, $password, "(DESCRIPTION=(ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST =$serverName)(PORT = 1521)))(CONNECT_DATA=(SID=$databaseName)))");
$strQuery = "UPDATE table SET field = :xx WHERE ID = 123"
$stmt = OCIParse($c, $strQuery);
 
OCIBindByName($stmt, ':xx', $fieldval);
 
$ok = OCIExecute($stmt);

There are so many answers for PHP and MySQL, but here is code for PHP and Oracle for preventing SQL injection as well as regular use of oci8 drivers:

$conn = oci_connect($username, $password, $connection_string);
$stmt = oci_parse($conn, 'UPDATE table SET field = :xx WHERE ID = 123');
oci_bind_by_name($stmt, ':xx', $fieldval);
oci_execute($stmt);

Copy edited.

Source Link

edited Jul 16, 2014 at 2:53

Peter Mortensen

31.3k
22
109
132

There are so many answers for PHP + MYSQLand MySQL, but here there is code for PHP+OraclePHP and Oracle for preventing sqlSQL injection as well as regular use of oci8 drivers might be this is useful for anyone:

$c = oci_connect($userName, $password, "(DESCRIPTION=(ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST =$serverName)(PORT = 1521)))(CONNECT_DATA=(SID=$databaseName)))");
$strQuery = "UPDATE table SET field = :xx WHERE ID = 123"
$stmt = OCIParse($c, $strQuery);

OCIBindByName($stmt, ':xx', $fieldval);

$ok = OCIExecute($stmt);

There are so many answers for PHP + MYSQL but here there is code for PHP+Oracle for preventing sql injection as well as regular use of oci8 drivers might be this is useful for anyone

$c = oci_connect($userName, $password, "(DESCRIPTION=(ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST =$serverName)(PORT = 1521)))(CONNECT_DATA=(SID=$databaseName)))");
$strQuery = "UPDATE table SET field = :xx WHERE ID = 123"
$stmt = OCIParse($c, $strQuery);

OCIBindByName($stmt, ':xx', $fieldval);

$ok = OCIExecute($stmt);

There are so many answers for PHP and MySQL, but here is code for PHP and Oracle for preventing SQL injection as well as regular use of oci8 drivers:

$c = oci_connect($userName, $password, "(DESCRIPTION=(ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST =$serverName)(PORT = 1521)))(CONNECT_DATA=(SID=$databaseName)))");
$strQuery = "UPDATE table SET field = :xx WHERE ID = 123"
$stmt = OCIParse($c, $strQuery);

OCIBindByName($stmt, ':xx', $fieldval);

$ok = OCIExecute($stmt);

code indent

Source Link

edit approved Apr 8, 2014 at 19:57

naab

1.1k
1
8
26

There are so many answers for PHP + MYSQL but here there is code for PHP+Oracle for preventing sql injection as well as regular use of oci8 drivers might be this is useful for anyone

$c = oci_connect($userName, $password, "(DESCRIPTION=(ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST =$serverName)(PORT = 1521)))(CONNECT_DATA=(SID=$databaseName)))");
$strQuery = "UPDATE table SET field = :xx WHERE ID = 123"
  $stmt = OCIParse($c, $strQuery);

    OCIBindByName($stmt, ':xx', $fieldval);

 

      $ok = OCIExecute($stmt);

There are so many answers for PHP + MYSQL but here there is code for PHP+Oracle for preventing sql injection as well as regular use of oci8 drivers might be this is useful for anyone

$c = oci_connect($userName, $password, "(DESCRIPTION=(ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST =$serverName)(PORT = 1521)))(CONNECT_DATA=(SID=$databaseName)))");
$strQuery = "UPDATE table SET field = :xx WHERE ID = 123"
  $stmt = OCIParse($c, $strQuery);

    OCIBindByName($stmt, ':xx', $fieldval);

 

      $ok = OCIExecute($stmt);

There are so many answers for PHP + MYSQL but here there is code for PHP+Oracle for preventing sql injection as well as regular use of oci8 drivers might be this is useful for anyone

$c = oci_connect($userName, $password, "(DESCRIPTION=(ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST =$serverName)(PORT = 1521)))(CONNECT_DATA=(SID=$databaseName)))");
$strQuery = "UPDATE table SET field = :xx WHERE ID = 123"
$stmt = OCIParse($c, $strQuery);

OCIBindByName($stmt, ':xx', $fieldval);

$ok = OCIExecute($stmt);

Source Link

created Jan 30, 2014 at 7:00

Chintan Gor

1.1k
2
15
37

Loading

Post Made Community Wiki by Chintan Gor

occurred Jan 30, 2014 at 7:00

Collectives™ on Stack Overflow

Return to Answer