stackoom
  简体   繁体   中英

ORA-O1036: Illegal variable name/number

 原文  2020-01-10 13:18:28       c#/ oracle/ desktop/ ora-01036

Question

There are alot of posts related to this question but no one work for my case. I am using oracle database with C# on visual studio

void addUser()
{
        OracleCommand cmd = new OracleCommand();
        string query ="INSERT INTO users (user_id, f_name, hash, acc_type, cell_no, country, state, city, zip, address, email, img) VALUES ('" +                         Convert.ToString(username) + "','" + Convert.ToString(f_name) + "','" + password + "','" + acc_type + "','" + contactno + "','" + country + "','" + state + "','" + city + "','" + zip + "','" + address + "','" + email + "',imgByte)";
        OracleCommand sc = new OracleCommand(query, usersdb);
        sc.Parameters.AddWithValue("imgByte", imgByte);
        try
        {
            usersdb.Open();
            sc.ExecuteNonQuery();
            usersdb.Close();
            lblSignupError.Visible = true;
            lblSignupError.Text = "Signed up successfully. You can login now.";

            Clear();
            LoginNow();
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex);
            if (usersdb.State == ConnectionState.Open)
            {
                usersdb.Close();
            }
        }
}

Here is the code for Signup to add user in DB but this error comes

***Exception thrown: 'System.Data.OracleClient.OracleException' in System.Data.OracleClient.dll System.Data.OracleClient.OracleException (0x80131938): ORA-01036: illegal variable name/number

at System.Data.OracleClient.OracleConnection.CheckError(OciErrorHandle errorHandle, Int32 rc) at System.Data.OracleClient.OracleParameterBinding.Bind(OciStatementHandle statementHandle, NativeBuffer parameterBuffer, OracleConnection connection, Boolean& mustRelease, SafeHandle& handleToBind) at System.Data.OracleClient.OracleCommand.Execute(OciStatementHandle statementHandle, CommandBehavior behavior, Boolean needRowid, OciRowidDescriptor& rowidDescriptor, ArrayList& resultParameterOrdinals) at System.Data.OracleClient.OracleCommand.ExecuteNonQueryInternal(Boolean needRowid, OciRowidDescriptor& rowidDescriptor) at System.Data.OracleClient.OracleCommand.ExecuteNonQuery() at StopNShop.SignUpForm.addUser() in E:\\Visual Studio Projects\\StopNShop\\StopNShop\\SignUpForm.cs:line 402***

1 answers

solution1
 1  2020-01-10 13:22:41

You should really be using parameters for all your input values; not only will it be more readable, but it will prevent SQL injection attacks.

In answer to your question, oracle parameters should be prefixed with a colon ie :imgByte .

See this example: https://stackoverflow.com/a/11048965/8126362

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ORA-01036 - illegal variable name/number ORA-01036: illegal variable name/number ora-01036 illegal variable name/number c# ORA-01036: illegal variable name/number in C# ORA-01036: illegal variable name/number while updating gridview {“ORA-01036: illegal variable name/number”} - Update Last Number Sequence Oracle Database ora-01036 illegal variable name ORA-01036: ILLEGAL VARIABLE NAME/NUMBER while filling the data table Dapper and Oracle parametrized query - ORA-01036: illegal variable name/number UpdateCommand in Gridview DataSource returns an error ORA-01036: illegal variable name/number
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM