Could someone tell me what is wrong with this code?? (besides being dirty and inefficient... right now I just want it to work)

I get OCIStmtExecute: ORA-00917: missing comma and OCILobWrite: OCI_INVALID_HANDLE errors!@!?

foreach($buffer as $line) {
if($line != "") {
list($id,$title,$class,$remote,$local,$discussion,$exploit,$solution,$published,$credit,$cve,$exploits,$impact,$credibility,$summary,$short_summary,$scenarios,$mitigation,$effect,$ease) = split("\",\"", $line);

$id = str_replace('"', '', $id);
$impact = str_replace('"', '', $impact);

$title = urlencode($title);
$class = urlencode($class);
$remote = urlencode($remote);
$local = urlencode($local);
$published = urlencode($published);
$credit = urlencode($credit);
$cve = urlencode($cve);
$credibility = urlencode($credibility);
$short_summary = urlencode($short_summary);
$ease = urlencode($ease);
$discussion = urlencode($discussion);
$exploit = urlencode($exploit);
$solution = urlencode($solution);
$exploits = urlencode($exploits);
$summary = urlencode($summary);	
$scenarios = urlencode($scenarios);
$mitigation = urlencode($mitigation);
$effect = urlencode($effect);
			$ph_discussion = OCINewDescriptor($conn, OCI_D_LOB);
$ph_exploit = OCINewDescriptor($conn, OCI_D_LOB);
$ph_solution = OCINewDescriptor($conn, OCI_D_LOB);
$ph_exploits = OCINewDescriptor($conn, OCI_D_LOB);
$ph_summary = OCINewDescriptor($conn, OCI_D_LOB);
$ph_scenarios = OCINewDescriptor($conn, OCI_D_LOB);
$ph_mitigation = OCINewDescriptor($conn, OCI_D_LOB);
$ph_effect = OCINewDescriptor($conn, OCI_D_LOB);

$sql = "insert into sft_vulnerabilities values (id = $id,title = '$title',class = '$class',";
$sql .= "remote = '$remote',local = '$local',discussion = empty_clob(),exploit = empty_clob(),";
$sql .= "solution = empty_clob(),published = '$published',credit = '$credit',cve = '$cve',";
$sql .= "exploits = empty_clob(),impact = $impact,credibility = '$credibility',summary empty_clob(),";
$sql .= "short_summary = '$short_summary',scenarios = empty_clob(),mitigation = empty_clob(),";
$sql .= "effect = empty_clob(),ease = '$ease')";
$sql .= " returning discussion, exploit, solution, exploits, summary, scenarios, mitigation, effect into ";
$sql .= ":discussion, :exploit, :solution, :exploits, :summary, :scenarios, :mitigation, :effect"; print "--> $sql<br>\n";

$stmt = OCIParse($conn, $sql);
			if(!$stmt) { echo "<h1>ERROR - Could not parse SQL statement. <BR>$sql</h1>"; exit; }

OCIBindByName ($stmt, ":discussion", &$ph_discussion, -1, OCI_B_CLOB);
OCIBindByName ($stmt, ":exploit", &$ph_exploit, -1, OCI_B_CLOB);
OCIBindByName ($stmt, ":solution", &$ph_solution, -1, OCI_B_CLOB);
OCIBindByName ($stmt, ":exploits", &$ph_exploits, -1, OCI_B_CLOB);
OCIBindByName ($stmt, ":summary", &$ph_summary, -1, OCI_B_CLOB);
OCIBindByName ($stmt, ":scenarios", &$ph_scenarios, -1, OCI_B_CLOB);
OCIBindByName ($stmt, ":mitigation", &$ph_mitigation, -1, OCI_B_CLOB);
OCIBindByName ($stmt, ":effect", &$ph_effect, -1, OCI_B_CLOB);

OCIExecute($stmt);

$ph_discussion->save ("$discussion");
$ph_exploit->save ("$exploit");
$ph_solution->save ("$solution");
$ph_exploits->save ("$exploits");
$ph_summary->save ("$summary");
$ph_scenarios->save ("$scenarios");
$ph_mitigation->save ("$mitigation");
$ph_effect->save ("$effect");
OCICommit($conn);
			OCIFreeStatement($stmt);

}

}

Thanks for you help.

    It looks like your insert statement is using more of an update format. An insert statement should look like

    Insert into MyTable (title,class) Values ('$title','$class')

      Write a Reply...