您的位置: 首页  >  技术问答  >  ORA-00947没有足够的值错误 - 不应该是任何错误?

ORA-00947没有足够的值错误 - 不应该是任何错误?

分类: 技术问答 2022-03-09 11:43:31
问题描述:

I am creating a PHP file that allows users to upload .csv files to it via a HTML form. From there, it will update the database. I have sucessfully created the code which sends the .csv to the PHP.

No, the problem isn't that the columns are null. I tested each and they show up fine.

Here is the error I get:

Warning: oci_execute(): ORA-00947: not enough values in <DIRECTORY> on line 43

Below is my source for the form handler:

    <?php

if(isset($_POST['numbers']))
{

  $file = fopen($_FILES['uploaded']['tmp_name'], 'r');
  if($file) {
    while (($line = fgetcsv($file)) !== FALSE) {
    $csv_array[] = array_combine(range(1, count($line)), array_values($line));
    }
  }
}

?>
<br>
<?php
    require_once("mcl_Oci.php");

    $ArrayNumber = 1;   


    $GF=$csv_array["$ArrayNumber"]["1"];
    $CREW_NUMBER=$csv_array["$ArrayNumber"]["2"];
    $FOREMAN_NAME=$csv_array["$ArrayNumber"]["3"];
    $PHONE_NUMBER=$csv_array["$ArrayNumber"]["4"];
    $TYPE=$csv_array["$ArrayNumber"]["5"];
    $AVAILABLE=$csv_array["$ArrayNumber"]["6"];
    $CONTRACTOR=$csv_array["$ArrayNumber"]["7"];
    $SERVICE_CENTER=$csv_array["$ArrayNumber"]["8"];
    $COMMENTS = $csv_array["$ArrayNumber"]["9"];

    $objConnect = oci_connect("user", "pass", "(description=(address=(protocol=tcp)(host=host.com)(port=1533))(connect_data=(service_name=SID)))");
    $strSQL =  "INSERT INTO TABLE (GF, 
                   CREW_NUMBER, 
             FOREMAN_NAME, 
             PHONE_NUMBER, 
             TYPE, 
             AVAILABLE, 
             CONTRACTOR, 
             SERVICE_CENTER, 
             COMMENTS) VALUES ('$GF, $CREW_NUMBER, $FOREMAN_NAME, $PHONE_NUMBER, $TYPE, $AVAILABLE, $CONTRACTOR, $SERVICE_CENTER, $COMMENTS')";
    $objParse = oci_parse($objConnect, $strSQL);  
    $objExecute = oci_execute($objParse); //LINE 43//

?>

I don't think you'll need source from the form, but here it is anyway:

   <form name="file" enctype="multipart/form-data" action="update_handler2.php" method="post" >

       <u>GF:</u> <input type="file" name="uploaded"br>

       <input type="submit" value="Submit">

   </form>

Change this line:

VALUES ('$GF, $CREW_NUMBER, $FOREMAN_NAME, $PHONE_NUMBER, $TYPE, $AVAILABLE, $CONTRACTOR, $SERVICE_CENTER, $COMMENTS')

To this:

VALUES ('$GF', '$CREW_NUMBER', '$FOREMAN_NAME', '$PHONE_NUMBER', '$TYPE', '$AVAILABLE', '$CONTRACTOR', '$SERVICE_CENTER', '$COMMENTS')

I'm not familiar with PHP but this looks like a huge SQL injection vulnerability. I assume there's a way to do this with bind variables.

相关推荐