
ORA-00947 Not enough values error - Shouldn't be any error?

I am creating a PHP file that allows users to upload .csv files to it via an HTML form. From there, it will update the database. I have successfully created the code which sends the .csv to the PHP.

No, the problem isn't that the columns are null. I tested each and they show up fine.

Here is the error I get:

Warning: oci_execute(): ORA-00947: not enough values in <DIRECTORY> on line 43 

Below is my source for the form handler:

    <?php

    if(isset($_POST['numbers']))
    {

      $file = fopen($_FILES['uploaded']['tmp_name'], 'r');
      if($file) {
        while (($line = fgetcsv($file)) !== FALSE) {
          $csv_array[] = array_combine(range(1, count($line)), array_values($line));
        }
      }
    }

    ?>
    <br>
    <?php
        require_once("mcl_Oci.php");

        $ArrayNumber = 1;


        $GF=$csv_array["$ArrayNumber"]["1"];
        $CREW_NUMBER=$csv_array["$ArrayNumber"]["2"];
        $FOREMAN_NAME=$csv_array["$ArrayNumber"]["3"];
        $PHONE_NUMBER=$csv_array["$ArrayNumber"]["4"];
        $TYPE=$csv_array["$ArrayNumber"]["5"];
        $AVAILABLE=$csv_array["$ArrayNumber"]["6"];
        $CONTRACTOR=$csv_array["$ArrayNumber"]["7"];
        $SERVICE_CENTER=$csv_array["$ArrayNumber"]["8"];
        $COMMENTS = $csv_array["$ArrayNumber"]["9"];

        $objConnect = oci_connect("user", "pass", "(description=(address=(protocol=tcp)(host=host.com)(port=1533))(connect_data=(service_name=SID)))");
        $strSQL =  "INSERT INTO TABLE (GF,
                     CREW_NUMBER,
                     FOREMAN_NAME,
                     PHONE_NUMBER,
                     TYPE,
                     AVAILABLE,
                     CONTRACTOR,
                     SERVICE_CENTER,
                     COMMENTS) VALUES ('$GF, $CREW_NUMBER, $FOREMAN_NAME, $PHONE_NUMBER, $TYPE, $AVAILABLE, $CONTRACTOR, $SERVICE_CENTER, $COMMENTS')";
        $objParse = oci_parse($objConnect, $strSQL);
        $objExecute = oci_execute($objParse); //LINE 43//

    ?>

I don't think you'll need source from the form, but here it is anyway:

    <form name="file" enctype="multipart/form-data" action="update_handler2.php" method="post">

        <u>GF:</u> <input type="file" name="uploaded"><br>

        <input type="submit" value="Submit">

    </form>

Change this line:

    VALUES ('$GF, $CREW_NUMBER, $FOREMAN_NAME, $PHONE_NUMBER, $TYPE, $AVAILABLE, $CONTRACTOR, $SERVICE_CENTER, $COMMENTS')

To this:

    VALUES ('$GF', '$CREW_NUMBER', '$FOREMAN_NAME', '$PHONE_NUMBER', '$TYPE', '$AVAILABLE', '$CONTRACTOR', '$SERVICE_CENTER', '$COMMENTS')

I'm not familiar with PHP but this looks like a huge SQL injection vulnerability. I assume there's a way to do this with bind variables.
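
The bind-variable approach the last comment asks about, as an added example that is not part of the original thread: every CSV field is passed with `oci_bind_by_name()` instead of being pasted into the SQL text, and the placeholder list is generated from the column list. The `CREWS` table name and the `p_` placeholder prefix are assumptions; `insert_rows()` needs the OCI8 extension and a connection such as the one `oci_connect()` returns in the question.

```php
<?php
const TABLE = 'CREWS'; // hypothetical table name; added example, not the poster's code
const COLUMNS = ['GF', 'CREW_NUMBER', 'FOREMAN_NAME', 'PHONE_NUMBER', 'TYPE',
                 'AVAILABLE', 'CONTRACTOR', 'SERVICE_CENTER', 'COMMENTS'];

// Placeholders come from the same list as the columns, so the counts always match.
function build_insert(): string
{
    $binds = array_map(fn($c) => ':p_' . $c, COLUMNS);
    return sprintf('INSERT INTO %s (%s) VALUES (%s)', TABLE, implode(', ', COLUMNS), implode(', ', $binds));
}

// Read CSV rows keyed by column name; reject rows with the wrong field count.
function read_rows(string $path): array
{
    $rows = [];
    $fh = fopen($path, 'r');
    if ($fh === false) throw new RuntimeException("cannot open $path");
    for ($n = 1; ($f = fgetcsv($fh, 0, ',', '"', '')) !== false; $n++) {
        if ($f === [null]) continue;                      // blank line
        if (count($f) !== count(COLUMNS)) throw new RuntimeException("line $n: bad field count");
        $rows[] = array_combine(COLUMNS, $f);
    }
    fclose($fh);
    return $rows;
}

// Insert all rows in one transaction; values travel as binds, never as SQL text.
function insert_rows($conn, array $rows): void
{
    $stmt = oci_parse($conn, build_insert());
    foreach ($rows as $row) {
        foreach (COLUMNS as $col) {
            // Bound by reference: bind the array element, not a loop copy.
            oci_bind_by_name($stmt, ':p_' . $col, $row[$col]);
        }
        if (!oci_execute($stmt, OCI_NO_AUTO_COMMIT)) {
            $msg = oci_error($stmt)['message'];
            oci_rollback($conn);
            throw new RuntimeException($msg);
        }
    }
    oci_commit($conn);
}

// Constructed sample: the apostrophe would end a quoted SQL literal early.
$tmp = tempnam(sys_get_temp_dir(), 'csv');
file_put_contents($tmp, "G1,12,O'Brien,555-0100,A,Y,Acme,North,none\n");
echo build_insert(), "\n", json_encode(read_rows($tmp)), "\n";
unlink($tmp);
```

In the upload handler the path passed to `read_rows()` would be `$_FILES['uploaded']['tmp_name']`, as in the question.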
