ORA-O1036: 非法变量名/编号

Question

There are alot of posts related to this question but no one work for my case.有很多与这个问题相关的帖子，但没有一个适合我的案例。 I am using oracle database with C# on visual studio我在 Visual Studio 上使用带有 C# 的 oracle 数据库

void addUser()
{
        OracleCommand cmd = new OracleCommand();
        string query ="INSERT INTO users (user_id, f_name, hash, acc_type, cell_no, country, state, city, zip, address, email, img) VALUES ('" +                         Convert.ToString(username) + "','" + Convert.ToString(f_name) + "','" + password + "','" + acc_type + "','" + contactno + "','" + country + "','" + state + "','" + city + "','" + zip + "','" + address + "','" + email + "',imgByte)";
        OracleCommand sc = new OracleCommand(query, usersdb);
        sc.Parameters.AddWithValue("imgByte", imgByte);
        try
        {
            usersdb.Open();
            sc.ExecuteNonQuery();
            usersdb.Close();
            lblSignupError.Visible = true;
            lblSignupError.Text = "Signed up successfully. You can login now.";

            Clear();
            LoginNow();
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex);
            if (usersdb.State == ConnectionState.Open)
            {
                usersdb.Close();
            }
        }
}

Here is the code for Signup to add user in DB but this error comes这是注册在数据库中添加用户的代码，但出现此错误

***Exception thrown: 'System.Data.OracleClient.OracleException' in System.Data.OracleClient.dll System.Data.OracleClient.OracleException (0x80131938): ORA-01036: illegal variable name/number ***抛出异常：System.Data.OracleClient.dll System.Data.OracleClient.OracleException 中的“System.Data.OracleClient.OracleException”（0x80131938）：ORA-01036：非法变量名/编号

at System.Data.OracleClient.OracleConnection.CheckError(OciErrorHandle errorHandle, Int32 rc) at System.Data.OracleClient.OracleParameterBinding.Bind(OciStatementHandle statementHandle, NativeBuffer parameterBuffer, OracleConnection connection, Boolean& mustRelease, SafeHandle& handleToBind) at System.Data.OracleClient.OracleCommand.Execute(OciStatementHandle statementHandle, CommandBehavior behavior, Boolean needRowid, OciRowidDescriptor& rowidDescriptor, ArrayList& resultParameterOrdinals) at System.Data.OracleClient.OracleCommand.ExecuteNonQueryInternal(Boolean needRowid, OciRowidDescriptor& rowidDescriptor) at System.Data.OracleClient.OracleCommand.ExecuteNonQuery() at StopNShop.SignUpForm.addUser() in E:\\Visual Studio Projects\\StopNShop\\StopNShop\\SignUpForm.cs:line 402***在 System.Data.OracleClient.OracleConnection.CheckError(OciErrorHandle errorHandle, Int32 rc) 在 System.Data.OracleClient.OracleParameterBinding.Bind(OciStatementHandle statementHandle, NativeBuffer parameterBuffer, OracleConnection connection, Boolean& mustRelease, SafeHandle& handleToBind) 在 System.Data.OracleClient。 OracleCommand.Execute(OciStatementHandle statementHandle, CommandBehavior 行为, Boolean needRowid, OciRowidDescriptor& rowidDescriptor, ArrayList& resultParameterOrdinals) 在 System.Data.OracleClient.OracleCommand.ExecuteNonQueryInternal(Boolean needRowid, OciRowidDescriptor& rowidDescriptor) 在 System.Data.OracleClient.OracleCommand.StopNS 处.SignUpForm.addUser() 在 E:\\Visual Studio Projects\\StopNShop\\StopNShop\\SignUpForm.cs:line 402***

Answer 1

You should really be using parameters for all your input values;您真的应该为所有输入值使用参数； not only will it be more readable, but it will prevent SQL injection attacks.它不仅会更具可读性，而且会防止SQL 注入攻击。

In answer to your question, oracle parameters should be prefixed with a colon ie :imgByte .在回答您的问题时，oracle 参数应以冒号为前缀，即:imgByte 。

See this example: https://stackoverflow.com/a/11048965/8126362看这个例子： https : //stackoverflow.com/a/11048965/8126362

ORA-O1036: 非法变量名/编号

问题描述

1 个解决方案

解决方案1
1 2020-01-10 13:22:41

ORA-O1036: 非法变量名/编号

问题描述

1 个解决方案

解决方案1 1 2020-01-10 13:22:41

解决方案1
1 2020-01-10 13:22:41