Using oci_parse and oci_execute

Question

I'm sure this is something very basic but I can't seem to find my error.

I'm trying to execute the following...

$c = db_connect();

$email = addslashes($email);

$sql = "SELECT * FROM RUSER WHERE email LIKE '" . $email . "';";
$query = oci_parse($c, $sql) or die(oci_error($c));
$response = oci_execute($query) or die(oci_error($c));

but I get oci8 statement Warning: oci_execute(): ORA-00911: invalid character in /path/to/file.php on line 67 where line 67 is where $response is assigned.

So that means there is something wrong with $query right? But I can't seem to find what that would be. The raw sql executes fine from the command line. echoing get_resource_type($query) gives a resource id...

What am I doing wrong?

Answer 1

Do NOT include the ; in your SQL. The ; is not part of SQL itself, its used by various SQL clients (e.g. sql*plus) as a delimiter to mark the end of commands to be sent to the server.

Answer 2

The first error is

$c = oci_connect("user","password","host/dbname") // db_connect() is not true

second error is there should not be ";" in the statement

$sql = "SELECT * FROM RUSER WHERE email LIKE '" . $email . "';";

it should be

$sql = "SELECT * FROM RUSER WHERE email LIKE '" . $email . "'"; 

if you want to compare better user "=" than LIKE