odbc_fetch_array

odbc_exec

Last updated: Fri, 05 Sep 2008

odbc_execute

(PHP 4, PHP 5)

odbc_execute — プリペアドステートメントを実行する

説明

bool odbc_execute ( resource $result_id [, array $parameters_array ] )

odbc_prepare() で準備された命令を実行します。

パラメータ

result_id

odbc_prepare() で取得した結果 ID リソース。

parameters_array

プリペアドステートメントの中のプレースホルダが、 parameter_array 内のパラメータで順に置き換えられます。この関数をコールした際に、配列の要素は文字列に変換されます。

parameter_array の中でシングルクォートで括られたデータがある場合、それはファイル名と解釈されます。そのファイルの内容が、該当するプレースホルダのデータとしてデータベースサーバに送信されます。

シングルクォートで括られたデータを純粋に文字列として使用したい場合は、空白などの別の文字を前後に付加する必要があります。それにより、パラメータがファイル名とみなされることがなくなります (もしこのオプションが不要なら、別の仕組み、たとえば odbc_exec() で直接クエリを実行するなどを使用する必要があります)。

返り値

成功した場合に TRUE を、失敗した場合に FALSE を返します。

例

例1 odbc_execute() および odbc_prepare() の例

次のコードは、myproc の 3 つのパラメータがすべて IN パラメータである場合にのみ $success が TRUE となります。


<?php
$a = 1;
$b = 2;
$c = 3;
$stmt    = odbc_prepare($conn, 'CALL myproc(?,?,?)');
$success = odbc_execute($stmt, array($a, $b, $c));
?>

INOUT や OUT パラメータを用いるストアドプロシージャをコールしたい場合は、各データベース専用の拡張モジュール (たとえば MS SQL Server なら mssql、 Oracle なら oci8) を使うようにしましょう。

変更履歴

バージョン	説明
4.2.0	`parameters_array` でのファイルの読み込み機能がセーフモードや open-basedir の制限に対応するようになりました。
4.1.1	リモートファイルが `parameters_array` でサポートされなくなりました。

参考

odbc_prepare()

odbc_fetch_array

odbc_exec

Last updated: Fri, 05 Sep 2008

add a note User Contributed Notes
odbc_execute

jeroen at pyromanic dot nl
05-Jun-2008 10:05


If you want to use stored procedures with MSSQL over ODBC, please read 



http://www.sitepoint.com/article/php-microsoft-sql-server/2



It can you save lots of time ;)

traynor at uni hyphen hannover dot de
08-Nov-2007 03:09


Obdc_prepare and obdc_execute can only be used as an alternative to odbc_exec in limited circumstances:



$con = obdc_connect ($dsn, $user, $pass);

$sql = "select * from TABLE";



$result = obdc_exec ($con, $sql); //this line can be replaced as blow

//then to see results:



odbc_result_all ($result);

odbc_free_result ($result);

odbc_close ($con);



gives the same result with the middle line as:



$result = odbc_prepare ($con, $sql);

odbc_execute ($result);



as long as $sql contains a well formed and complete query.



There is no point in trying to convert this into a parameter query with question marks as placeholders, since code like this will result only in error messages:



$sql = "select * from TABLE where needle = ?";

$result = odbc_prepare ($con, $sql);

for ($i = 0; $i < 4; $i++)

{

  odbc_execute ($result, array ($i));

  // and whatever you want to do with the result

  // but all you get is "parameter expected" or "count does not match"

}



The lack of documentation for such functions should have been an alarm signal.

a dot brock at hhv-rheinklang dot de
24-Aug-2006 01:38


I have a solution for the problem with the strings beeing interpreted as filename because of the single quotes:



Just add a blank to the end of the string:



<?php

function odbc_escape_params ($params) {

 if (!is_array($params) or empty($params)) {

  return array();

 }

 foreach ($params as $key=>$val) {

  if (strlen($val) > 1 and $val{0} == "'" and $val{strlen($val)-1} == "'") {

   $params[$key] .= ' ';

  }

 }

 return $params;

}

?>

mjs at beebo dot org
27-Mar-2006 11:57


Don't miss the part where it says that if your string starts and ends with a single quote, the string is interpreted as a filename!



This means that you can't do:



$sth = odbc_prepare($dbh, "INSERT INTO people(name) VALUES(?)");

$res = odbc_execute($sth, array($name));



without checking the value of $name--if $name is, say, '\\'c:\\passwords.txt\\'' the contents of c:\\passwords.txt get inserted into your database as a "name".



Also, despite what the documentation suggests, there (incredibly) doesn't appear to be any way to escape your single quotes (via experimentation, and from reading the source): if your string starts and ends with a single quote you cannot use odbc_execute to insert it into the database.

russell dot brown at removethis dot insignia dot com
09-Feb-2004 09:55


In reply to tcmleung at yahoo dot com (09-Nov-2001), I would add a caveat that I've found, which is that the odbc.defaultlrl/odbc_longreadlen() values may only apply to odbc->php conversion and not php->odbc (though this may be database-specific). Hence, if you want to post binary data the 4096 byte limit still stands. So you stand a better chance of being able to post binary data using the quoted filename upload procedure described above, rather than using the prepare... execute method with data held in a php variable.

svemir_AT_baltok.com
06-Sep-2002 07:45


In reply to cpoirier's note from 04-Mar-2001 03:30:



Currently, Access 2000 DOES support parametrized queries via ODBC. It still seems to have a problem with Memo and OLE fields, but "normal" types work just fine.

tcmleung at yahoo dot com
09-Nov-2001 10:22


odbc has a maximum buffer size, that means it only stores and retrieves a limited size of data to/from database each time. The maximum buffer size is 4096 and set in php.ini (odbc.defaultlrl). You can set it to higher value for larger data access.

sjericson at mindspring dot com
26-Aug-2001 07:43


I don't think odbc_prepare and odbc_execute support output parameters for stored procedures on MSSQL.  An example of output parameters for MSSQL is at  http://support.microsoft.com/support/kb/articles/q174/2/23.asp





Also, my MSSQL driver seems happy only when I use the following incantation:





...code removed...


$stmt=odbc_prepare($conn_id, "exec my_proc_name ?,?,?"); 


$parms=array("fred","password",5);


if (!odbc_execute($stmt, &$parms)) die("odbc_execute failed");

reaganpr at hotmail dot com
24-Jul-2001 01:50


When running the CGI version of 4.0.6 under windows, I came across this error when trying to call a stored procedure in SQL Server using odbc_execute w/ the parameter array set:





FATAL:  emalloc():  Unable to allocate 268675669 bytes





Scary error, huh? In my case it just meant that SQL Server couldn't find the stored procedure.  Totally my fault, but a rather nondescript error message.





p.

cpoirier at shelluser dot net
04-Mar-2001 11:30


A quick note in hopes that my pain will save someone else:  Microsoft Access ODBC drivers do not support parameterized queries.

edrenth at thematec dot nl
17-Oct-2000 03:17


When used with parameters and the statement fails, you cannot use different arguments anymore, the same arguments as with the failed statement will be used.

tony dot wood at revolutionltd dot com
28-May-1999 01:08


For a simple database insert to a database that has no password and $from and $to are predefined variables.





<?php


/* get connection */


$conn=odbc_connect("mydb","","");





/* run insert */


$stmt = odbc_prepare($conn, "INSERT INTO mytable (jor_from, jor_to) VALUES('$from', '$to');" );





/* check for errors */


if (!odbc_execute($stmt)) {


    /* error  */


    echo "Whoops";


}





/* close connection */


odbc_close($conn);


?>

wntrmute at tampabay dot rr dot com
16-Aug-1998 06:22


Solid Issue:


Solid defines CHAR, VARCHAR, LONG VARCHAR, BINARY, VARBINARY, and LONG VARBINARY to be a maximum of 2G in length.  However, when creating your tables for use with PHP one should choose LONG VARCHAR or LONG VARBINARY for these kinds of fields if you are planning on storing really large or lengthy data.  IE: Data exceeding 64k in length such as GIF/JPG, or really huge text areas.

add a note

odbc_fetch_array

odbc_exec

Last updated: Fri, 05 Sep 2008