ID: 27672
Updated by: [EMAIL PROTECTED]
Reported By: powerblade at mail dot dk
-Status: Open
+Status: Feedback
Bug Type: *General Issues
Operating System: Windows XP
PHP Version: 5CVS-2004-03-24 (dev)
New Comment:
Aha, now I see...
It seems to me, that our manual lies about validation.
That's what OCI docs say about oci_parse (OciStmtPrepare() indeed):
--
An application requests a SQL or PL/SQL statement to be prepared for
execution using the OCIStmtPrepare() call and passing it a previously
allocated statement handle. This is a completely local call, requiring
no round trip to the server.
--
oci_parse will return false only if there is some problems with oracle
connection.
The only way to validate query is to execute it.
So, I need to change the documentation.
Right?
Previous Comments:
------------------------------------------------------------------------
[2004-03-24 10:24:09] powerblade at mail dot dk
Check your output.
1) The error was first detected by oci_execute(). oci_parse() didn't
detect the errornous SQL string.
2) Where is the oracle error message in the exception? I need that info
for debugging.
------------------------------------------------------------------------
[2004-03-24 08:28:48] [EMAIL PROTECTED]
Your code works fine for me.
It returns:
---
Warning: oci_execute() [function.oci-execute.html]: OCIStmtExecute:
ORA-00900: invalid SQL statement in /www/index.php on line 27
Fatal error: Uncaught exception 'DatabaseException' with message '[]
Can't execute query. ' in /www/index.php:31 Stack trace: #0 {main}
thrown in /www/index.php on line 31
---
>oci_parse() - Validates the SQL statement. However this always returns
true so it can't be trusted.
no, this is not true.
it does return false, if something went wrong.
>...and then use oci_error() to get the error, you don't get the error
string it outputs to the screen.
Please, re-check it twice.
This is false too.
And, please, provide more information about your system.
What version of Oracle & Oracle client do you use?
------------------------------------------------------------------------
[2004-03-24 08:14:22] powerblade at mail dot dk
Description:
------------
When executing a statement it goes as this:
oci_parse() - Validates the SQL statement. However this always returns
true so it can't be trusted.
oci_execute() - Executes the query. If anything goes wrong, it simply
outputs it to the screen. If you put a @ infront to avoid the warning
and then use oci_error() to get the error, you don't get the error
string it outputs to the screen.
Reproduce code:
---------------
$query = 'XYZZYX'; /* Invalid SQL string */
$stmt = oci_parse($this->connection, $query);
$aError = oci_error();
if($aError)
{
throw new DatabaseException("[".$aError['code']."] Can't parse
query. ".$aError['message']);
}
$return = oci_execute($stmt);
if($return === FALSE)
{
$aError = @oci_error();
throw new DatabaseException("[".$aError['code']."] Can't execute
query. ".$aError['message']);
}
Expected result:
----------------
Uncaught exception with the string:
[error code] Can't parse query. [error msg]
or
[error code] Can't execute query. [error msg]
Actual result:
--------------
Uncaught exception with the string:
[] Can't execute query []
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=27672&edit=1
