upload image into oracle db using ODBC

ATK
Hi,

I'm trying to upload an image file to an Oracle DB and I need to only use
ODBC functions.

In the DB I have a LONG RAW column (if this is not correct, please tell me).
I'm getting the error from Oracle: [Oracle][ODBC][Ora]ORA-00972:
identifier is too long...
Here is my PHP code:

if (isset($_FILES['foto']['name']) & !empty($_FILES['foto']['name'])) {
$foto = $_FILES['foto']['tmp_name'];
$date = addslashes(fread(fopen($foto, "r"), filesize($foto)));
$id = $_SESSION['id'];
$foto_type = $_FILES['foto']['type'];
$sql = "INSERT INTO fotos (id_foto, id_cat, id_m, fotos, avg,
total, foto_type) VALUES (fotografias_id.nextval, 1, $id, '$date', '0',
'0', '$foto_type')";

....
then I execute the SQL, etc...

------------------

Any ideas how I should accomplish this upload task?
Thanks in advance for your time,
ATK
Jul 17 '05 #1
On Sun, 22 May 2005 04:23:48 +0100, ATK <ci*****@netcabo.pt> wrote:
> I'm trying to upload an image file to an Oracle DB and I need to only use
> ODBC functions.
>
> In the DB I have a LONG RAW column (if this is not correct, please tell me).

It should be BLOB - LONG RAW is deprecated.

> I'm getting the error from Oracle: [Oracle][ODBC][Ora]ORA-00972:
> identifier is too long...
>
> Here is my PHP code:
>
> if (isset($_FILES['foto']['name']) & !empty($_FILES['foto']['name'])) {
> $foto = $_FILES['foto']['tmp_name'];
> $date = addslashes(fread(fopen($foto, "r"), filesize($foto)));
> $id = $_SESSION['id'];
> $foto_type = $_FILES['foto']['type'];
>
> $sql = "INSERT INTO fotos (id_foto, id_cat, id_m, fotos, avg,
> total, foto_type) VALUES (fotografias_id.nextval, 1, $id, '$date', '0',
> '0', '$foto_type')";

Eep. Use placeholders/bind variables. Do not embed variables into SQL -
_particularly_ under Oracle.

Aside from the security issues due to escaping (addslashes() does NOT escape
strings as required by Oracle), it also results in masses of "hard parsing",
also the maximum length of a literal string is 4000 characters so your file
won't work, and also you're subjecting binary data to character set conversions
potentially resulting in more corruption.

> ...
> then I execute the SQL, etc...
>
> Any ideas how I should accomplish this upload task?

Placeholders/bind variables.

--
Andy Hassall / <an**@andyh.co.uk> / <http://www.andyh.co.uk>
<http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool
Jul 17 '05 #2
ATK
Thanks for your reply, I still have some questions:

Andy Hassall wrote:
>> $sql = "INSERT INTO fotos (id_foto, id_cat, id_m, fotos, avg,
>> total, foto_type) VALUES (fotografias_id.nextval, 1, $id, '$date', '0',
>> '0', '$foto_type')";
>
> Eep. Use placeholders/bind variables. Do not embed variables into SQL -
> _particularly_ under Oracle.
>
> Aside from the security issues due to escaping (addslashes() does NOT escape
> strings as required by Oracle), it also results in masses of "hard parsing",
> also the maximum length of a literal string is 4000 characters so your file
> won't work, and also you're subjecting binary data to character set conversions
> potentially resulting in more corruption.

If addslashes is not enough, what should I use?

What do you mean by "Placeholders/bind variables"? Can you show some
links/code examples? And let me remind you that I can only use ODBC
functions, not Oracle extension functions...
Thanks again
Jul 17 '05 #3
On Sun, 22 May 2005 23:24:02 +0100, ATK <ci*****@netcabo.pt> wrote:
> Thanks for your reply, I still have some questions:
>
> Andy Hassall wrote:
>>> $sql = "INSERT INTO fotos (id_foto, id_cat, id_m, fotos, avg,
>>> total, foto_type) VALUES (fotografias_id.nextval, 1, $id, '$date', '0',
>>> '0', '$foto_type')";
>>
>> Eep. Use placeholders/bind variables. Do not embed variables into SQL -
>> _particularly_ under Oracle.
>>
>> Aside from the security issues due to escaping (addslashes() does NOT escape
>> strings as required by Oracle), it also results in masses of "hard parsing",
>> also the maximum length of a literal string is 4000 characters so your file
>> won't work, and also you're subjecting binary data to character set conversions
>> potentially resulting in more corruption.
>
> If addslashes is not enough, what should I use?

Placeholders, and don't put values in the SQL, bind them separately.

(Oracle doesn't quote single quotes with slashes, it uses another quote. But
this is the wrong approach, anyway).

> What do you mean by "Placeholders/bind variables"? Can you show some
> links/code examples? And let me remind you that I can only use ODBC
> functions, not Oracle extension functions...

In that case I can only refer you to the manual, since I don't use ODBC.

http://uk.php.net/odbc
http://uk.php.net/manual/en/function.odbc-prepare.php
http://uk.php.net/manual/en/function.odbc-execute.php

I believe (but could be wrong) that ODBC forces you to use anonymous
placeholders, i.e. "?". So your SQL would look like:

$sql = "INSERT INTO fotos (id_foto, id_cat, id_m, fotos, avg, total, foto_type)
VALUES (fotografias_id.nextval, 1, ?, ?, '0', '0', ?)";

You'd then pass in the values to bind to the placeholders in the execute call.

Constants are OK in SQL, but variables are not, and are replaced by placeholders.

Note that placeholders are not quoted, nor are the values passed to execute
escaped in any way. They are passed to the database as-is and it handles
binding them to the correct places in the statement.

I also recommend ADOdb as a layer on top of the basic database calls. I
believe it can use ODBC connections to Oracle. http://adodb.sourceforge.net/

--
Andy Hassall / <an**@andyh.co.uk> / <http://www.andyh.co.uk>
<http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool
Jul 17 '05 #4
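
The placeholder approach described in the reply above, written out with PHP's odbc_prepare() and odbc_execute() (an added example, not code from the thread). It also rejects values wrapped in single quotes, because the PHP manual documents that odbc_execute() treats such a parameter as the name of a file to read. The DSN oracle_dsn, the credentials, the 2 MB limit, the allowed image types and the bindable() helper are assumptions, as is a BLOB fotos column that the driver accepts as a bound parameter.

```php
<?php
// Added example. DSN, credentials, size limit and allowed types are assumptions.
session_start();

// odbc_execute() treats a parameter that starts and ends with a single quote
// as the name of a file to read, so refuse such values (hypothetical helper).
function bindable(string $v): string
{
    if (strlen($v) >= 2 && $v[0] === "'" && substr($v, -1) === "'") {
        throw new InvalidArgumentException('quote-wrapped parameter rejected');
    }
    return $v;
}

$upload = $_FILES['foto'] ?? null;
if ($upload === null || $upload['error'] !== UPLOAD_ERR_OK
    || !is_uploaded_file($upload['tmp_name'])
    || $upload['size'] > 2 * 1024 * 1024) {
    http_response_code(400);
    exit('upload rejected');
}

// Raw bytes, no addslashes(): bound values are never parsed as SQL text.
$data = file_get_contents($upload['tmp_name']);

// Detect the type on the server; $_FILES['foto']['type'] is client-supplied.
$type = (new finfo(FILEINFO_MIME_TYPE))->buffer($data);
if (!in_array($type, ['image/jpeg', 'image/png', 'image/gif'], true)) {
    http_response_code(415);
    exit('unsupported image type');
}

$conn = odbc_connect('oracle_dsn', 'app_user', (string) getenv('DB_PASSWORD'));
if ($conn === false) {
    http_response_code(500);
    exit('database unavailable');
}

// Constants stay in the SQL; the three variable values become "?" markers.
$sql = "INSERT INTO fotos (id_foto, id_cat, id_m, fotos, avg, total, foto_type)
        VALUES (fotografias_id.nextval, 1, ?, ?, '0', '0', ?)";
$stmt = odbc_prepare($conn, $sql);
$params = [(int) ($_SESSION['id'] ?? 0), bindable($data), bindable($type)];
if ($stmt === false || !odbc_execute($stmt, $params)) {
    error_log('ODBC insert failed: ' . odbc_errormsg($conn));
    http_response_code(500);
    exit('insert failed');
}
echo 'stored';
```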
On Sun, 22 May 2005 18:03:02 +0100, Andy Hassall wrote:
>> then i execute the sql, etc...
>>
>> Any ideas how should i accomplish this upload task?
>
> Placeholders/bind variables.

Easy package to do this with is John Lim's wonderful ADOdb. He even
shows you how to do that.

--
You can get more of what you want with a kind word and a gun than
you can with just a kind word. (Al Kapone)

Jul 17 '05 #5
