securityresearch

Prepared Statements, Oracle & C#

Hi.

I'm simply trying to use Prepared Statements with Oracle and C#.

I tried several code snippets from all over the web and my brain (it works with Java & Oracle or .NET & MSSQL...)

Here's my current test-code-snippet:

                sqlStatement = "INSERT INTO tmp (ID, NAME) VALUES(@ID, @NAME)";
                OracleCommand cmd = new OracleCommand(sqlStatement, this.dbCon);

                cmd.Parameters.Add(new OracleParameter("@ID",   OracleDbType.Varchar2, 15));
                cmd.Parameters.Add(new OracleParameter("@NAME", OracleDbType.Varchar2, 15));

                cmd.Prepare();

                cmd.Parameters["@ID"].Value = "3wfwef";
                cmd.Parameters["@NAME"].Value = "lyxfggh";

                cmd.ExecuteNonQuery();

Whenever I try to execute the statement I get the following exception:
Oracle.DataAccess.Client.OracleException ORA-00936: missing expression
The exception is not the problem, it is clear: the db always tries to insert the dummy parameters (e.g. @ID) into the table, and throws an error because (in our case because of VARCHARs) of the missing apostrophes.

It seems that it does not even try to precompile the SQL Statement.

Any suggestions?

Best Regards Gernot

ASKER CERTIFIED SOLUTION
slightwv (䄆 Netminder)

securityresearch

ASKER

Thanks a lot, this was the problem.
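
An added example, not part of the thread and not the text of the accepted answer (which does not appear on this page): the question's INSERT written with Oracle's colon-prefixed bind variables, which is the placeholder syntax Oracle SQL accepts in place of `@ID`. The class and method names, the sample rows and the connection string are assumptions made for illustration; the `tmp` table and its columns are taken from the question.

```csharp
using System;
using Oracle.DataAccess.Client;

static class TmpInsertExample
{
    // Hypothetical helper: inserts rows into the question's tmp(ID, NAME) table.
    public static int InsertRows(OracleConnection con, string[][] rows)
    {
        // Oracle marks bind variables with a leading colon, not with '@'.
        const string sql = "INSERT INTO tmp (ID, NAME) VALUES (:ID, :NAME)";
        int inserted = 0;

        using (OracleCommand cmd = new OracleCommand(sql, con))
        {
            // ODP.NET binds by position by default; bind by name so that the
            // order in which parameters are added cannot swap the columns.
            cmd.BindByName = true;
            OracleParameter id = cmd.Parameters.Add("ID", OracleDbType.Varchar2, 15);
            OracleParameter name = cmd.Parameters.Add("NAME", OracleDbType.Varchar2, 15);

            // The same command is reused; only the bound values change, and they
            // travel as data, so quotes inside a value never become SQL text.
            foreach (string[] row in rows)
            {
                id.Value = row[0];
                name.Value = row[1];
                inserted += cmd.ExecuteNonQuery();
            }
        }
        return inserted;
    }

    static void Main()
    {
        // Placeholder connection string (assumption): fill in real values.
        string connStr = "User Id=<user>;Password=<password>;Data Source=<tns-alias>";
        using (OracleConnection con = new OracleConnection(connStr))
        {
            con.Open();
            // Constructed sample rows; the second contains an apostrophe.
            string[][] rows = {
                new[] { "3wfwef", "lyxfggh" },
                new[] { "x1", "O'Brien" },
            };
            Console.WriteLine(InsertRows(con, rows)); // number of rows inserted
        }
    }
}
```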