C# parameterized queries for Oracle - serious & dangerous bug!
This is not a bug but explicitly mentioned in Oracle ODP.Net documentation. In a OracleCommand class the parameters are bound by position as default. If you want to bind by name then set the property cmd.BindByName = true;
explicitly.
Reference to Oracle documentation. http://download.oracle.com/docs/cd/E11882_01/win.112/e12249/OracleCommandClass.htm#i997666
Is that a typo that you have column3 being added before column2?
Because the colon syntax signifies a bind variable--name doesn't matter to BIND variables in PLSQL, they're populated in order of submission. Which would mean you'd be attempting to set column2 value as "record 1", which would explain the invalid number error...
You currently have:
p.Add("Column1", 1);
p.Add("Column3", null);
p.Add("Column2", "record 1");
...see if this alteration fixes your issue:
p.Add("Column1", 1);
p.Add("Column2", "record 1");
p.Add("Column3", null);
Getting Named Parameters to Work?
I have to defer to someone with more C# experience to explain how to get named parameters working. But I'm glad we confirmed that the colon appears to be interpreting as an Oracle BIND variable.