securityresearch
asked on
Prepared Statements, Oracle & C#
Hi.
I'm simply trying to use Prepared Statements with Oracle and C#.
I tried several code snippets from all over the web and my brain (it works with Java & Oracle or .NET & MSSQL...)
Here's my current test-code-snippet:
sqlStatement = "INSERT INTO tmp (ID, NAME) VALUES(@ID, @NAME)";
OracleCommand cmd = new OracleCommand(sqlStatement , this.dbCon);
cmd.Parameters.Add(new OracleParameter("@ID", OracleDbType.Varchar2, 15));
cmd.Parameters.Add(new OracleParameter("@NAME", OracleDbType.Varchar2, 15));
cmd.Prepare();
cmd.Parameters["@ID"].Value = "3wfwef";
cmd.Parameters["@NAME"].Value = "lyxfggh";
cmd.ExecuteNonQuery();
Whenever I try to execute the statement I get the following exception:
Oracle.DataAccess.Client.OracleException ORA-00936: missing expression
The exception is not the problem, it is clear: The db always tries to insert the dummy parameters (e.g. @ID) into the table, and throws an error because (in our case because of VARCHARs) of the missing apostrophes.
It seems that it does not even try to precompile the SQL Statement.
Any suggestions?
Best Regards Gernot
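For comparison with the snippet in the question, an added example (not part of the original post or its hidden answer) of the same insert written with Oracle's colon-prefixed bind variables, which is the placeholder syntax ODP.NET expects. The class name, the `InsertRows` helper, the connection string placeholders and the second sample row are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using Oracle.DataAccess.Client;   // ODP.NET, the provider named in the exception above

static class BindVariableDemo     // hypothetical class name
{
    // Oracle marks bind variables with a leading colon. "@ID" is SQL Server
    // syntax; Oracle's parser does not treat it as a placeholder.
    const string InsertSql = "INSERT INTO tmp (ID, NAME) VALUES (:id, :name)";

    // Hypothetical helper: one command object, reused for every row.
    static int InsertRows(OracleConnection con,
                          IEnumerable<KeyValuePair<string, string>> rows)
    {
        int inserted = 0;
        using (OracleCommand cmd = new OracleCommand(InsertSql, con))
        {
            // ODP.NET binds by position unless told otherwise; bind by name so
            // the order of the Add() calls does not matter.
            cmd.BindByName = true;
            OracleParameter id = cmd.Parameters.Add("id", OracleDbType.Varchar2, 15);
            OracleParameter name = cmd.Parameters.Add("name", OracleDbType.Varchar2, 15);

            foreach (KeyValuePair<string, string> row in rows)
            {
                // Values travel separately from the SQL text, so quotes inside
                // them are stored as data and never parsed as SQL.
                id.Value = row.Key;
                name.Value = row.Value;
                inserted += cmd.ExecuteNonQuery();   // rows affected by this insert
            }
        }
        return inserted;
    }

    static void Main()
    {
        // Placeholder connection string: replace the <...> parts with real values.
        string connStr = "User Id=<user>;Password=<password>;Data Source=<tns-alias>";
        var rows = new List<KeyValuePair<string, string>> {
            new KeyValuePair<string, string>("3wfwef", "lyxfggh"),   // values from the question
            new KeyValuePair<string, string>("x1", "O'Brien'); --"), // constructed: quotes stay data
        };
        using (OracleConnection con = new OracleConnection(connStr))
        {
            con.Open();
            Console.WriteLine("{0} rows inserted", InsertRows(con, rows));
        }
    }
}
```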