C# parameterized queries for Oracle - serious & dangerous bug!

c# oracle ora-01722

This is not a bug but explicitly mentioned in Oracle ODP.Net documentation. In a OracleCommand class the parameters are bound by position as default. If you want to bind by name then set the property cmd.BindByName = true; explicitly.

Reference to Oracle documentation. http://download.oracle.com/docs/cd/E11882_01/win.112/e12249/OracleCommandClass.htm#i997666


Is that a typo that you have column3 being added before column2?

Because the colon syntax signifies a bind variable--name doesn't matter to BIND variables in PLSQL, they're populated in order of submission. Which would mean you'd be attempting to set column2 value as "record 1", which would explain the invalid number error...

You currently have:

p.Add("Column1", 1);
p.Add("Column3", null);
p.Add("Column2", "record 1");

...see if this alteration fixes your issue:

p.Add("Column1", 1);
p.Add("Column2", "record 1");
p.Add("Column3", null);

Getting Named Parameters to Work?

I have to defer to someone with more C# experience to explain how to get named parameters working. But I'm glad we confirmed that the colon appears to be interpreting as an Oracle BIND variable.

Related

Unpack list to variables
Jersey Exception : SEVERE: A message body reader for Java class
C# Covariance on subclass return types
method matches not work well [duplicate]
ListView Viewholder checkbox state
How to use compound literals to `fprintf()` multiple formatted numbers with arbitrary bases?
gfortran does not allow character arrays with varying component lengths
PHP what is the best way to write data to middle of file without rewriting file
Why is my field `null` after injection? How do I inject my object?
Window Functions: last_value(ORDER BY ... ASC) same as last_value(ORDER BY ... DESC)
from data table, randomly select one row per group
UTF-8 encoding for subject in contact form email