Closed CloudTheWolf closed 5 years ago
Hi, aside from you issue, you are using Dibi in a wrong way, open to SQL injection. You must not pass unknown parameters from client directly to SQL query. The correct way is:
$Users = $database->query('exec getUsersByName @firstName = ?', $_POST['firstName']);
According to your issue... I cannot reproduce it. I'm using:
sqlsrv
driverI create table, fills it by data, create stored procedure and after exec
call by Dibi, I'll get all matching rows.
Hmmm Strange
I am Running PHP 7.2.7 (x64) with sqlsrv 5.3.0+11108 and Dibi 4.0.0. I can only guess it's either a 7.2.7 issue (I can change this and test) or it's because the SQL Server is running 2008 (Unfortunately I can't change this, so would need to code my way around this)
Maybe version of Native Client is important. I have Microsoft SQL Server 2012 Native Client (11.3.6540.0)
It works with PHP 7.2.8 too.
I had the same issue with some of my stored procedures. I could fix this issue by the usage of "SET NOCOUNT ON".
PHP 7.3.2 Dibi 4.0.1
This looks to have been an issue on the SQL Server side as it has been migrated to a new server and not had this issue since.
Version: 4.0.0
Bug Description
Running T-SQL Exec Queried to call a stored procedure results in the following error:
Steps To Reproduce
Create a simple table (Eg users) with columns ID, firstName and lastName and insert some dummy data.
Create a Stored Procedure Eg.
SET ANSI_NULLS ON GO SET QUOTED_IDENTIFIER ON GO create procedure [getUsersByName] @firstName varchar(255) AS BEGIN SELECT * FROM users where firstName = @firstName END GO
Then add the following PHP $Users = $database->query("exec getUsersByName @firstName='".$_POST['firstName']."'"); foreach($Users as $User){ echo('
'.$User->firstName.' '.$User->lastName.' ('.$User->id.')
'); }Expected Behavior
It should be able to pull the data from the database in the same way that running $Users = $database->query("SELECT * FROM users where firstName = '".$_POST['firstName']."'");