
PHP Warning: oci_fetch_array() expects parameter 2 to be long, string given


I'm trying to define a function to execute an Oracle query and set the mode for oci_fetch_array() dynamically with the string variable received. This is the function:

public function db_single_select($conn,$select,$table,$condition,$fetch_mods='') {

    //A string should be sent to "$fetch_mods" with this format: mode1+mode2+etc...  
    //If a value is not passed to '$fetch_mods', it will be the default fetch mode

    $sql = oci_parse($conn, "select $select from $table where $condition");
    $sql_result = oci_execute($sql, OCI_DEFAULT); 
    if($sql_result){
        if(empty($fetch_mods)) {                    
            $res = oci_fetch_array($sql);
        }
        else{
            $res = oci_fetch_array($sql, $fetch_mods);
        }                   
    }
    else{
        $res = FALSE;
    }               
    oci_free_statement($sql);
    return $res;
}

I call the function like this:

db_single_select($conn, $select, $table_name, $condition, 'OCI_ASSOC');

I get this Warning:

Warning: oci_fetch_array() expects parameter 2 to be long, string given in db_connect.php on line 61

I know that the second parameter (mode) for oci_fetch_array() should be numeric as it says so in the PHP documentation. http://www.php.net/manual/en/function.oci-fetch-array.php

The question is how to set the mode based on a variable received by the function??

Since you can have multiple modes by separating them with a + sign like

$row = oci_fetch_array ($stid, OCI_ASSOC+OCI_RETURN_NULLS);

, is there an easy way to receive a string like OCI_ASSOC+OCI_RETURN_NULLS in the function and set the mode with that??


Solution

  • You seem to be misunderstanding what constants actually are. In the specific case of OCI_ASSOC (and other OCI constants) it represents a simple integer value. This can be demonstrated by the output of var_dump(OCI_ASSOC); which is int(1). Combining constants such as OCI_ASSOC+OCI_RETURN_NULLS is a simple addition operation with the result of int(5).

    To make your function work you should simply pass the constants directly by removing the surrounding apostrophes:

    db_single_select($conn, $select, $table_name, $condition, OCI_ASSOC);
    

    SECURITY WARNING:

    Your code is vulnerable to SQL Injection (also see what the PHP manual says about it). You should use parameter binding to mitigate the attack possibilities.
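
An added example, not part of the question or the answer above: one way to rewrite the helper so the fetch mode is an integer and the condition value is bound with oci_bind_by_name() instead of being concatenated into the SQL text. The ALLOWED_COLUMNS list, the parse_fetch_mode() helper and the changed function signature are assumptions made for illustration.

```php
<?php
// Added example. The allow-list below is hypothetical; fill it from your own schema.
const ALLOWED_COLUMNS = [
    'employees' => ['employee_id', 'last_name', 'email'],
];

// Translate "OCI_ASSOC+OCI_RETURN_NULLS" into its integer mode via a fixed map,
// so an arbitrary caller-supplied string is never resolved as a constant name.
function parse_fetch_mode(string $spec): int
{
    $known = [
        'OCI_ASSOC' => OCI_ASSOC, 'OCI_NUM' => OCI_NUM, 'OCI_BOTH' => OCI_BOTH,
        'OCI_RETURN_NULLS' => OCI_RETURN_NULLS, 'OCI_RETURN_LOBS' => OCI_RETURN_LOBS,
    ];
    $mode = 0;
    foreach (explode('+', $spec) as $name) {
        $name = trim($name);
        if (!isset($known[$name])) {
            throw new InvalidArgumentException("Unknown fetch mode: $name");
        }
        $mode |= $known[$name]; // OR instead of +, so a repeated name cannot change the value
    }
    return $mode;
}

function db_single_select($conn, array $columns, string $table, string $whereColumn,
                          $value, int $fetchMode = OCI_ASSOC + OCI_RETURN_NULLS)
{
    // Identifiers cannot be bound, so they are checked against the allow-list.
    $allowed = ALLOWED_COLUMNS[$table] ?? [];
    if ($columns === [] || array_diff($columns, $allowed)
        || !in_array($whereColumn, $allowed, true)) {
        throw new InvalidArgumentException('Table or column not in allow-list');
    }
    $sql = sprintf('SELECT %s FROM %s WHERE %s = :val',
                   implode(', ', $columns), $table, $whereColumn);
    $stmt = oci_parse($conn, $sql);
    if ($stmt === false) {
        return false;
    }
    oci_bind_by_name($stmt, ':val', $value); // the value travels as data, never as SQL text
    $row = oci_execute($stmt) ? oci_fetch_array($stmt, $fetchMode) : false;
    oci_free_statement($stmt);
    return $row;
}

// $row = db_single_select($conn, ['last_name', 'email'], 'employees', 'employee_id', 42,
//                         parse_fetch_mode('OCI_ASSOC+OCI_RETURN_NULLS'));
```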