Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Parameterized query in Oracle trouble

Tags:

asp.net

oracle

I'm using Oracle.DataAccess rather than the obsolete System.Data.OracleClient and I seem to be having trouble passing multiple parameters to my update query

This works

OracleCommand.CommandText = "UPDATE db SET column1 = :param1 WHERE column2 = 'Y'"
OracleCommand.Parameters.Add(New OracleParameter("param1", "1234"))

But I want to be able to pass multiple parameters

Here's my full code

    OracleConn.Open()
    OracleCommand = OracleConn.CreateCommand()
    OracleCommand.CommandText = "UPDATE db SET column1 = :param1 WHERE column2 = :param2"
    OracleCommand.CommandType = CommandType.Text
    OracleCommand.Parameters.Add(New OracleParameter("param1", "1234"))
    OracleCommand.Parameters.Add(New OracleParameter("param2", "Y"))
    OracleCommand.ExecuteNonQuery()

My SELECT query seems to work when passing multiple parameters but not the update one

like image 688
Jamie Taylor Avatar asked May 12 '11 15:05

Jamie Taylor

People also ask

What is parameterized query with example?

A parameterized query is a query in which placeholders are used for parameters and the parameter values are supplied at execution time. The most important reason to use parameterized queries is to avoid SQL injection attacks.

What are some advantages of parameterized queries?

The benefit of parameterized SQL queries is that you can prepare them ahead of time and reuse them for similar applications without having to create distinct SQL queries for each case. The previous example, for instance, could be used in any context where you want to get tags from a collector.

Why is it important to parameterized database queries?

One major reason for using parameterized queries is that they make queries more readable. The second and most compelling reason is that parameterized queries help to protect the database from SQL injection attacks.

3 Answers

Although I can't see anything wrong with your example, I wonder if you're being hit by the old BindByName problem. By default, ODP.NET binds parameters to the query in the order in which they are added to the collection, rather than based on their name as you'd like. Try setting BindByName to true on your OracleCommand object and see if that fixes the problem.

I've had this problem so many times that I use my own factory method to create commands which automatically sets this property to true for me.

Classic useless Oracle documentation here

like image 106
batwad Avatar answered Oct 06 '22 19:10

batwad

To emulate the default behavior of the System.Data.OracleClient, you should set the OracleCommand to bind by name.

OracleCommand.BindByName = True
like image 39
Zach Green Avatar answered Oct 06 '22 19:10

Zach Green

Try newing up your OracleParameter with a the type specified. Set the value of the object before adding it to the parameters list.

var param1 = new OracleParameter( "param1", OracleType.Int32 );
param1.Value = "1234";

OracleCommand.Parameters.Add( param1 );
like image 20
Brian Dishaw Avatar answered Oct 06 '22 21:10

Brian Dishaw
Sign in to Comment

Related questions

ASP.net app crashes - Could not load file or assembly 'Microsoft.Threading.Tasks.Extensions.Desktop'
Is it bad practice to store SQL queries in resource file?
ASP.NET MVC3 Role and Permission Management -> With Runtime Permission Assignment
Access a Remote Directory from C#
Best way to access properties of my code behind class from the markup in ASP.NET
Produce "toast" messages like StackOverflow
How to return a JSON object in standard web forms .Net
How to display a text in gridview "No Records Found" when there is no record
Using tinyurl.com in a .Net application ... possible?
Making user login persistant with ASP .Net Membership
How to detect if a file is PDF or TIFF?
Could not locate assembly "EntityFramework"
convert from physical path to virtual path
How to set drop down list DataTextField to display two data property fields?
Why is <table> not allowed inside <p>
Populating a dataset from a CSV file
Asp action route data
Cannot install dotnet-ef tool on Windows 10
HtmlButton handler fires twice when clicked (when AutoEventWireup="True")
Can't get my EC2 Windows Server 2008 (Web stack) instance to receive publishings of my website

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!