Delicious Bookmark this on Delicious Share on Facebook SlashdotSlashdot It! Digg! Digg



PHP : Function Reference : ODBC Functions (Unified) : odbc_execute

odbc_execute

Execute a prepared statement (PHP 4, PHP 5)
bool odbc_execute ( resource result_id [, array parameters_array] )

Examples ( Source code ) » odbc_execute

<?php
/* get connection */
$conn=odbc_connect("mydb","","");

/* run insert */
$stmt odbc_prepare($conn"INSERT INTO mytable (jor_from, jor_to) VALUES('$from', '$to');" );

/* check for errors */
if (!odbc_execute($stmt)) {
    
/* error  */
    
echo "Whoops";
}

/* close connection */
odbc_close($conn);
?>




// In the following code, $success will only be TRUE if all three parameters to myproc are IN parameters:

<?php
$a 
1;
$b 2;
$c 3;
$stmt    odbc_prepare($conn'CALL myproc(?,?,?)');
$success odbc_execute($stmt, array($a$b$c));
?>

//If you need to call a stored procedure using INOUT or OUT parameters, the recommended workaround is to use a native extension for your database (for example, mssql for MS SQL Server, or oci8 for Oracle). 

Code Examples / Notes » odbc_execute

edrenth

When used with parameters and the statement fails, you cannot use different arguments anymore, the same arguments as with the failed statement will be used.

reaganpr

When running the CGI version of 4.0.6 under windows, I came across this error when trying to call a stored procedure in SQL Server using odbc_execute w/ the parameter array set:
FATAL:  emalloc():  Unable to allocate 268675669 bytes
Scary error, huh? In my case it just meant that SQL Server couldn't find the stored procedure.  Totally my fault, but a rather nondescript error message.
p.


wntrmute

Solid Issue:
Solid defines CHAR, VARCHAR, LONG VARCHAR, BINARY, VARBINARY, and LONG VARBINARY to be a maximum of 2G in length.  However, when creating your tables for use with PHP one should choose LONG VARCHAR or LONG VARBINARY for these kinds of fields if you are planning on storing really large or lengthy data.  IE: Data exceeding 64k in length such as GIF/JPG, or really huge text areas.


tcmleung

odbc has a maximum buffer size, that means it only stores and retrieves a limited size of data to/from database each time. The maximum buffer size is 4096 and set in php.ini (odbc.defaultlrl). You can set it to higher value for larger data access.

traynor

Obdc_prepare and obdc_execute can only be used as an alternative to odbc_exec in limited circumstances:
$con = obdc_connect ($dsn, $user, $pass);
$sql = "select * from TABLE";
$result = obdc_exec ($con, $sql); //this line can be replaced as blow
//then to see results:
odbc_result_all ($result);
odbc_free_result ($result);
odbc_close ($con);
gives the same result with the middle line as:
$result = odbc_prepare ($con, $sql);
odbc_execute ($result);
as long as $sql contains a well formed and complete query.
There is no point in trying to convert this into a parameter query with question marks as placeholders, since code like this will result only in error messages:
$sql = "select * from TABLE where needle = ?";
$result = odbc_prepare ($con, $sql);
for ($i = 0; $i < 4; $i++)
{
 odbc_execute ($result, array ($i));
 // and whatever you want to do with the result
 // but all you get is "parameter expected" or "count does not match"
}
The lack of documentation for such functions should have been an alarm signal.


russell dot brown

In reply to tcmleung at yahoo dot com (09-Nov-2001), I would add a caveat that I've found, which is that the odbc.defaultlrl/odbc_longreadlen() values may only apply to odbc->php conversion and not php->odbc (though this may be database-specific). Hence, if you want to post binary data the 4096 byte limit still stands. So you stand a better chance of being able to post binary data using the quoted filename upload procedure described above, rather than using the prepare... execute method with data held in a php variable.

svemir_at_baltok.com

In reply to cpoirier's note from 04-Mar-2001 03:30:
Currently, Access 2000 DOES support parametrized queries via ODBC. It still seems to have a problem with Memo and OLE fields, but "normal" types work just fine.


a dot brock

I have a solution for the problem with the strings beeing interpreted as filename because of the single quotes:
Just add a blank to the end of the string:
<?php
function odbc_escape_params ($params) {
if (!is_array($params) or empty($params)) {
 return array();
}
foreach ($params as $key=>$val) {
 if (strlen($val) > 1 and $val{0} == "'" and $val{strlen($val)-1} == "'") {
  $params[$key] .= ' ';
 }
}
return $params;
}
?>


noreply

i had trouble executing an INSERT using MS ACCESS 2000 - for some reason the problem resolved when I used odbc_connect as opposed to odbc_pconnect. (thought this might help someone else out)

sjericson

I don't think odbc_prepare and odbc_execute support output parameters for stored procedures on MSSQL.  An example of output parameters for MSSQL is at  http://support.microsoft.com/support/kb/articles/q174/2/23.asp
Also, my MSSQL driver seems happy only when I use the following incantation:
...code removed...
$stmt=odbc_prepare($conn_id, "exec my_proc_name ?,?,?");
$parms=array("fred","password",5);
if (!odbc_execute($stmt, &$parms)) die("odbc_execute failed");


nospam

For examples how to use the parameters array see the example for
function.serialize.php
in the Misc. section.


tony dot wood

For a simple database insert to a database that has no password and $from and $to are predefined variables.
/* get connection */
$conn=odbc_connect("mydb","","");
/* run insert */
$stmt = odbc_prepare($conn, "INSERT INTO mytable (jor_from, jor_to) VALUES('$from', '$to');" );
/* check for errors */
if (!odbc_execute($stmt)) {
   /* error  */
echo "Whoops";
}
/* close connection */
odbc_close($conn);


mjs

Don't miss the part where it says that if your string starts and ends with a single quote, the string is interpreted as a filename!
This means that you can't do:
$sth = odbc_prepare($dbh, "INSERT INTO people(name) VALUES(?)");
$res = odbc_execute($sth, array($name));
without checking the value of $name--if $name is, say, '\\'c:\\passwords.txt\\'' the contents of c:\\passwords.txt get inserted into your database as a "name".
Also, despite what the documentation suggests, there (incredibly) doesn't appear to be any way to escape your single quotes (via experimentation, and from reading the source): if your string starts and ends with a single quote you cannot use odbc_execute to insert it into the database.


cpoirier

A quick note in hopes that my pain will save someone else:  Microsoft Access ODBC drivers do not support parameterized queries.

Change Language


Follow Navioo On Twitter
odbc_autocommit
odbc_binmode
odbc_close_all
odbc_close
odbc_columnprivileges
odbc_columns
odbc_commit
odbc_connect
odbc_cursor
odbc_data_source
odbc_do
odbc_error
odbc_errormsg
odbc_exec
odbc_execute
odbc_fetch_array
odbc_fetch_into
odbc_fetch_object
odbc_fetch_row
odbc_field_len
odbc_field_name
odbc_field_num
odbc_field_precision
odbc_field_scale
odbc_field_type
odbc_foreignkeys
odbc_free_result
odbc_gettypeinfo
odbc_longreadlen
odbc_next_result
odbc_num_fields
odbc_num_rows
odbc_pconnect
odbc_prepare
odbc_primarykeys
odbc_procedurecolumns
odbc_procedures
odbc_result_all
odbc_result
odbc_rollback
odbc_setoption
odbc_specialcolumns
odbc_statistics
odbc_tableprivileges
odbc_tables
eXTReMe Tracker