stackoom
  简体   繁体   中英

PHP pdo_odbc SQL Server Stored Procedure Unexpected Error

 原文  2013-11-08 16:45:06       php/ sql/ sql-server-2005/ stored-procedures/ pdo

Question

I'm having a problem with PHP and a stored procedure in SQL Server 2005. I haven't really touched stored procedures before and haven't used them with php. I can't retrieve a value from a table that I know is definitely there. I have a simple login table, what I want the stored procedure to do is to take a username as an input and then output that user's password salt. I want the stored procedure to use parameterised values to avoid SQL injection. What happens at the moment is when the php page is run, nothing is returned and the SQL Profiler displays the following error: 

User Error Message: Incorrect Syntax near '@Username'.

While this error message should tell me something is wrong, I can't for the life of me see where the incorrect syntax is.

Copy of the Php: 

$user = "usercm";
$password ="cmuserpassword";
try{$conn = new PDO("odbc:DRIVER={SQL Server Native Client 10.0};SERVER=TestingServer;DATABASE=TestingDatebase;",$user,$password);}
catch(PDOException $e){echo "oh no";}

$username = "sdct";

$prepusp = $conn->prepare("EXEC uspReturnSalt(?,?)");
$prepusp->bindParam(1, $username, PDO::PARAM_STR);
$prepusp->bindParam(2, $usersalt, PDO::PARAM_STR, 450);
$prepusp->execute();

Copy of the Stored Procedure: 

ALTER PROCEDURE [dbo].[uspReturnSalt]
    @Username NVARCHAR(100),
    @Usersalt NVARCHAR(450) OUTPUT
AS
BEGIN
    DECLARE @sqlcmd NVARCHAR(MAX);
    DECLARE @params NVARCHAR(MAX);
    SET @sqlcmd = N'SELECT @Usersaltone = salt FROM CMUsers WHERE username = @Usernameone';
    SET @params = N'@Usernameone NVARCHAR(100), @Usersaltone NVARCHAR(450) OUTPUT';
    EXECUTE sp_executesql @sqlcmd, @params, @Usernameone = @Username, @Usersaltone = @Usersalt OUTPUT;
END

To clarify, the server this is on runs Windows 2003 so I cannot use the sqlsrv drivers as they require SQL Server Native Client 2012 which is incompatible. It is impossible to upgrade the operating system (server isn't mine) so I can't use any php drivers that require SQL Server Native Client 2012.

If anyone could help I would be eternally grateful.

EDIT1:

Here is the sql profiler messages before and after that error: 

RPC:Completed      |    exec [sys].sp_sproc_columns_90 N'uspReturnSalt' ,@ODBCVer=3

RPC:Starting       |    declare @p1 int
                      set @p1 =NULL
                      exec sp_prepare @p1 output,N'@Username nvarchar(100),@P2 text OUTPUT' ,N'EXEC uspReturnSalt(@Username,@P2 OUTPUT)' ,1
                      select @p1

Exception          |    Error: 102, Severity: 15, State: 1

User Error Message |    Incorrect syntax near '@Username'.

SP:CacheMiss       |    (@Username nvarchar(100),@P2 text OUTPUT)EXEC uspReturnSalt(@Username,@P2 OUTPUT)

Exception          |    Error: 8180, Severity: 16, State: 1

User Error Message |    Statement(s) could not be prepared

RPC:Completed      |    declare @p1 int
                        set @p1=NULL
                        exec sp_prepare @p1 output, N'@Username nvarchar(100),@P2 text OUTPUT' ,N'EXEC uspReturnSalt(@Username,@P2 OUTPUT)',1
                        select @p1

3 answers

solution1
 1 ACCPTED  2013-11-11 13:35:27

$prepusp = $conn->prepare("EXEC uspReturnSalt(?,?)"); Needs to be changed to: $prepusp = $conn->prepare("{CALL uspReturnSalt(?,?)}");

They are both actually supposed to work. Even the {} around the EXEC statement doesn't work. Only CALL will work.

solution2
 -1  2013-11-08 16:50:41

how about changing these lines 

$prepusp = $conn->prepare("EXEC uspReturnSalt(?,?)");
$prepusp->bindParam(1, $username, PDO::PARAM_STR);
$prepusp->bindParam(2, $usersalt, PDO::PARAM_STR, 450);
$prepusp->execute();

to 

$prepusp = $conn->prepare("EXEC uspReturnSalt(:username,:usersalt)");
$prepusp->bindParam(":username", $username, PDO::PARAM_STR);
$prepusp->bindParam(":usersalt", $usersalt, PDO::PARAM_STR, 450);
$prepusp->execute();

and then try

solution3
 -1  2013-11-11 11:21:47

Long shot but worth a try, try change 

ALTER PROCEDURE [dbo].[uspReturnSalt]
    @Username NVARCHAR(100),
    @Usersalt NVARCHAR(450) OUTPUT
AS

to 

ALTER PROCEDURE [dbo].[uspReturnSalt]
(
    @Username NVARCHAR(100),
    @Usersalt NVARCHAR(450) OUTPUT
)
AS

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Invalid cursor state - pdo_odbc FreeTDS SQL Server PHP PDO_ODBC() or ODBC(unified)? PHP PDO_ODBC configure: error: C compiler cannot create executables Enabling PHP pdo_odbc extension on a Mac OSX How to install pdo_odbc in Docker php image Calling odbc_fetch_array after executing a stored procedure in PHP gives error [Microsoft][ODBC SQL Server Driver]Invalid Descriptor Index Pass array to SQL Server Function/Stored Procedure using PHP PDO Executing a SQL Server Stored Procedure with parameters using PDO in php Running a MS SQL server stored procedure with a mac in php using PDO Calling SQL Server Stored Procedure using PHP PDO from Lumen for return value gives syntax error
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM