hi all, I managed to get this little snippet working, it's pretty useful if you have long forms to be inserted into a database.
if ( ! empty ( $_POST ) ){
array_pop($_POST);
foreach($_POST as $key => $val){
$columns .= addslashes($key) . ", ";
$values .= "'" . addslashes($val) . "', ";
}
$values = substr_replace($values, "", -2);
$columns = substr_replace($columns, "", -2);
$sql = "INSERT INTO table ($columns) VALUES ($values)";
echo $sql;
$results = odbc_exec($conn, $sql);
if ($results){
echo "Query Executed";
}else {
echo "Query failed " .odbc_error();
}
}
Not the most secure in the world but, speeds up collecting data from large forms.PHP - Manual: odbc_exec
2025-10-31
odbc_exec
(PHP 4, PHP 5, PHP 7, PHP 8)
odbc_exec — Directly execute an SQL statement
说明
Sends an SQL statement to the database server.
返回值
返回 ODBC 结果对象 if the SQL command was executed
successfully, or false on error.
更新日志
| 版本 | 说明 |
|---|---|
| 8.4.0 |
odbc 现在需要 Odbc\Connection
实例;之前需要 resource。
|
| 8.4.0 | 此函数现在返回 Odbc\Result 实例;之前返回 resource。 |
| 8.0.0 |
flags was removed.
|
参见
- odbc_prepare() - Prepares a statement for execution
- odbc_execute() - Execute a prepared statement
+添加备注
用户贡献的备注 19 notes
james @ php-for-beginners co uk ¶
19 years ago
rupix at rediffmail dot com ¶
21 years ago
I tried the following line of code
<?php
$odbc=odbc_connect("pbk", "root","") or die(odbc_errormsg());
$q="insert into pbk values(\"$name\", \"$phone\")";
print $q;
odbc_exec($odbc, $q) or die("<p>".odbc_errormsg());
?>
it does not work. However if I use single quotes instead of \" the thing runs smoothly
thus the following would work
<?php
$odbc=odbc_connect("pbk", "yourworstnightmare","abracadabra") or die(odbc_errormsg());
$q="insert into pbk values('$name', '$phone')";
print $q;
odbc_exec($odbc, $q) or die("<p>".odbc_errormsg());
?>
Also having a user dsn is no good on win2k. Always have a System DSN. I don't know yet what are the implications of the same.
gross at arkana dot de ¶
25 years ago
If you're running NT/IIS with PHP 3.0.11 and want to use MS Access dbs with "stored procedures" you can send an ODBC SQL query like:
<?php
$conn_id = odbc_connect( "odbc_test_db", "", "", SQL_CUR_USE_DRIVER );
$qry_id = odbc_do( $conn_id, "{CALL MyQuery}" );
?>
This way you don't need to integrate query strings like
SELECT * FROM TblObject WHERE (((TblObject.something) Like "blahblahblah"));
in the php file. You directly call the query "MyQuery" that was generated by MS Access.
rmkim at uwaterloo dot ca ¶
25 years ago
for Win32(NT) and MSAcess 2000, whenever you retrieve a date column/field, php will automatically convert it to 'yyyy/mm/dd hh:mm:ss' format regardless of the style of date you've denoted in Access.
This seems to pose a problem when you exec SELECT, UPDATE, or DELETE queries, but strangley INSERT works fine. I've tried parsing the date into the desired format, but php still yells criteria mismatch.
mir eder ¶
17 years ago
If you are having problems with truncated text fields from ODBC queries (pe. at 4096 characters), try some of the following:
in php.ini:
- odbc.defaultlrl = 65536
in your php code, before your queries:
- ini_set ( 'odbc.defaultlrl' , '65536' );
das_yrch at hotmail dot com ¶
21 years ago
I tried this way to see the results of a query and it works!!
$Conn = odbc_connect
("bbdd_usuaris","","",SQL_CUR_USE_ODBC );
$result=odbc_exec($Conn,"select nom from usuaris;");
while(odbc_fetch_row($result)){
for($i=1;$i<=odbc_num_fields($result);$i++){
echo "Result is ".odbc_result($result,$i);
}
}
Anonymous ¶
19 years ago
The following seems counterintuitive to me and so I am constantly getting burned by it. Just thought I'd add a note for anyone else who might also get burned.
if (!odbc_exec("select MyValue from MyTable where Key1='x' and Key2='y'"))
is not a good way to search for the existence of a record with Key1 = x and Key2 = y. The odbc_exec always returns a result handle, even though there aren't any records.
Rather, you must use one of the fetch functions to find out that the record really doesn't exist. This should work:
if (!($Selhand = odbc_exec("select MyValue from MyTable where Key1='x' and Key2='y'"))
|| !odbc_result($Selhand, 1))
Sean Boulter ¶
20 years ago
If a single quote exists within the field specified by your WHERE statement, ODBC fails because of a parsing error. Although it seems intuitive, using \" around the field does not work (\"$var\"). The only solution I found was to replace all single quotes in my field with two single quotes. ODBC interprets the first single quote as an escape character and interprets the second single quote as a literal. Thanks to http://www.devguru.com/features/knowledge_base/A100206.html for this tip.
miguel dot erill at doymer dot com ¶
22 years ago
In a previous contribution it was told that if you're running NT/IIS with PHP 3.0.11 you can use MS Access dbs "stored procedures".
That was right, but if those stores procedures have parameters you have to supply them in the command line like this:
$conn_id = odbc_connect( "odbc_test_db", "","", SQL_CUR_USE_DRIVER );
$qry_id = odbc_do( $conn_id, "{CALL MyQuery(".$param.")}" );
lee200082 at hotmail dot com ¶
23 years ago
As an addition to the note about square brackets earlier:
Enclosing sql field names in '[' and ']' also allows you to use MS Access reserved words like 'date' and 'field' and 'time' in your SQL query... it seems that the square brackets simply tell Access to ignore any other meaning whatever is inside them has and take them simply as field names.
sk2xml at gmx dot net ¶
23 years ago
Problem: Fieldnames in SQL-Statement have blanks and [] don't work!
Solution: Try "" instead
Ex.:
SELECT table2.first, table1.[last name] FROM tabel1, table2 -> don't work
SELECT table2.first, table1.\"last name\" FROM tabel1, table2 -> Try this
PS: Don't forget the espace characters !!!
akchu at at ualberta dot ca ¶
24 years ago
ODBC/MS Access Date Fields:
Matching dates in SELECT statements for MS Access requires the following format:
#Y-m-d H:i:s#
for example:
SELECT * FROM TableName WHERE Birthdate = #2001-01-07 00:00:00#
or
SELECT * FROM TableName WHERE Birthdate BETWEEN #2000-01-07 00:00:00# AND #2001-01-07 00:00:00#
This took me forever to figure out.
vpil at retico dot com ¶
24 years ago
Additional links to ODBC_exec:
How to actually write the SQL commands:
http://www.roth.net/perl/odbc/faq/
http://www.netaxs.com/~joc/perl/article/SQL.html
Demystifying SQL
BIG REF MANUAL:
http://w3.one.net/~jhoffman/sqltut.htm
Introduction to Structured Query Language
Covers read, add, modify & delete of data.
petercdow at gmail dot com ¶
11 years ago
An SQL statement that contains quotes (i.e. ") instead of apostrophes (i.e. ') to delimit strings works fine in Access, however, in odbc_exec, it fails with
[Microsoft][ODBC Microsoft Access Driver] Too few parameters. Expected 6.
For example:
$q = "INSERT INTO TableA (Fld1, Fld2, Fld3) VALUES('A', 'B', 'C');"
works fine in both Access and ODBC, but
$q = 'INSERT INTO TableA (Fld1, Fld2, Fld3) VALUES("A", "B", "C");'
fails with the above error.
rob at vendorpromotions dot com ¶
21 years ago
This opens select statements 'for update' by default in db2. If you're using db2, you have to tack on 'for read only' at the end to select from SYSCAT.TABLES, for example, without firing an error like
Warning: SQL error: [IBM][CLI Driver][DB2/LINUX] SQL0151N The column "MAXFREESPACESEARCH" cannot be updated. SQLSTATE=42808 , SQL state 42808 in SQLExecDirect
For example :
$query = odbc_exec($conn, "select * from syscat.tables for read only");
odbc_result_all($query);
will work (only for db2). I don't know about other databases.
The select statement will work in the 'db2' command line, but not in php, because of this side effect.
delowing gmail dot com ¶
18 years ago
It is easy to inject evil code into SQL statements. This wraps parameters in quotes so they are not executable. In your own stored procedures you can convert the string to numeric as needed.
function sql_make_string($sin){
return "'".str_replace("'","''",$sin)."'";
}
// this may delete all data from MYTABLE
$evil = "734'; DELETE FROM MYTABLE; print 'ha ha";
$sql = "SELECT * FROM MYTABLE WHERE mykey = '$evil'";
$rst = odbc_exec($connection,$sql);
// this probably will not delete the data.
$good = sql_make_string($evil);
$sql = "SELECT * FROM MYTABLE WHERE mykey =".$good
$rst = odbc_exec($connection,$sql);
fuadMD at gmail dot com ¶
19 years ago
<?php
// - This is a complete working dynamic example of using:
// odbc_connect, odbc_exec, getting col Names,
// odbc_fetch_row and no of rows. hope it helps
// - your driver should point to your MS access file
$conn = odbc_connect('MSAccessDriver','','');
$nrows=0;
if ($conn)
{
$sql = "select * from $month";
//this function will execute the sql satament
$result=odbc_exec($conn, $sql);
echo "<table align=\"center\" border=\"1\" borderColor=\"\" cellpadding=\"0\" cellspacing=\"0\">\n";
echo "<tr> ";
// -- print field name
$colName = odbc_num_fields($result);
for ($j=1; $j<= $colName; $j++)
{
echo "<th align=\"left\" bgcolor=\"#CCCCCC\" > <font color=\"#990000\"> ";
echo odbc_field_name ($result, $j );
echo "</font> </th>";
}
$j=$j-1;
$c=0;
// end of field names
while(odbc_fetch_row($result)) // getting data
{
$c=$c+1;
if ( $c%2 == 0 )
echo "<tr bgcolor=\"#d0d0d0\" >\n";
else
echo "<tr bgcolor=\"#eeeeee\">\n";
for($i=1;$i<=odbc_num_fields($result);$i++)
{
echo "<td>";
echo odbc_result($result,$i);
echo "</td>";
if ( $i%$j == 0 )
{
$nrows+=1; // counting no of rows
}
}
echo "</tr>";
}
echo "</td> </tr>\n";
echo "</table >\n";
// --end of table
if ($nrows==0) echo "<br/><center> Nothing for $month yet! Try back later</center> <br/>";
else echo "<br/><center> Total Records: $nrows </center> <br/>";
odbc_close ($conn);
}
else echo "odbc not connected <br>";
?>
phobo at at at paradise dot net dot nz ¶
24 years ago
If Openlink -> MS Access Database fails and gives "Driver Not Capable" error or "No tuples available" warning, use the SQL_CUR_USE_ODBC cursor when using odbc_connect()...
Siggy
IT
PHP
编程语言
开发编程
Linux
科技
Elasticsearch
HTML/CSS/XML
面试
数据库
网络
JAVA
NoSQL
C/C++
Golang
操作系统
Git
算法
正则表达式
Redis
互联网
MySql
软件
运维
JavaScript
国际
架构设计
Mac OS
Excel
TCP/IP
Windows
Oracle
Socket
Vim
VR
MongoDB
运营
Python
MemCache
商业
硬件
电子
娱乐
设计
摄影
nginx
WordPress
游戏
HTTP
团建
数码电器
Docker
广告
php7.3 使用 PDO_DM 扩展连接 DM8 中文乱码
PhpStorm中PHP注释的规范指南
使用PHPWord将docx文件转换为html格式
docker-compose启动nginx与php-fpm
laravel查看orm生成的sql
PHPStorm ESC 会退出命令行
composer install参数
laravel orm中DB::insert方法导致内存泄漏的问题解决方法
php7 安装fileinfo扩展
adodb手册
ADORecordSet对象
常用的php ADODB使用方法集锦
ADOConnection 公用函数
利用php soap实现web service
adodb连接mysql多个数据库的问题
mysql面试题
PHP json解析(json_decode)页面工具
[PHP] inet_pton/inet_ntop IP地址转换函数
PHP程序标准注释的规范准则
PHP7添加redis扩展