我的VB .NET应用程序中有以下代码，用于把来自SQL的数据更新到Oracle表的列中。运行应用程序时，在 'or_cmd_3.ExecuteNonQuery()' 这一行报错：ORA-00933:SQL命令未正确结束。
如果我把这段SQL单独拿出来，把临时变量替换成一些假数据，然后在TOAD或SQL Developer中运行，更新是成功的。我漏掉了什么?
提前非常感谢。
' Branch taken when the Oracle row's summary and request ID match the ALM
' record, the issue was previously flagged as added to ALM ("1"), and the ALM
' status is one of Deferred / Rejected / Closed.
' Note the mix of And (evaluates both operands) and AndAlso (short-circuits);
' the Contains test only runs when the three preceding comparisons hold.
ElseIf (oracle_summary_temp = ueio_tmpALM_Summary) And (oracle_request_ID_temp = ueio_tmpALM_ID) And added_to_alm = "1" AndAlso ({"Deferred", "Rejected", "Closed"}.Contains(ueio_tmpALM_Status)) Then
Dim update_oracle As String = Nothing
' The UPDATE text is built by splicing the ueio_tmpALM_* values straight into
' the SQL. Two consequences:
'  - the DQ_Team fragment ends with "'" and the next fragment starts with
'    "where" with no space in between, so the statement reads
'    DQ_Team = 'x'where ISSUE_SUMMARY = ... -- a parse error (ORA-00933) that
'    disappears when the SQL is retyped by hand in TOAD / SQL Developer;
'  - any value containing a single quote also breaks the statement, and the
'    text of the statement is then determined by the data (the origin of the
'    ueio_tmpALM_* values is outside this fragment). Binding the values as
'    parameters removes both problems.
update_oracle =
"update SCHEMA.TABLE set ISSUE_ADDED_TO_ALM = '2'," & _
"ISSUE_STATUS = '" & ueio_tmpALM_Status & "'," & _
"ISSUE_REJECTED_REASON = '" & ueio_tmpALM_Rejected & "'," & _
"ISSUE_PHASE = '" & ueio_tmpALM_Current_Phase & "'," & _
"ISSUE_PRIORITY = '" & ueio_tmpALM_Priority & "'," & _
"ISSUE_SYSTEM_IMPACTED = '" & ueio_tmpALM_System_Impacted & "'," & _
"ISSUE_DQ_ANALYST = '" & ueio_tmpALM_DQ_Analyst & "'," & _
"ISSUE_COMMENTS = '" & ueio_tmpALM_Comments & "'," & _
"ISSUE_OWNER_DEPARTMENT = '" & ueio_tmpALM_Owner_Department & "'," & _
"ALM_ISSUE_ID = '" & ueio_tmpALM_ID & "'," & _
"DQ_Team = '" & ueio_tmpALM_DQ_Team & "'" & _
"where ISSUE_SUMMARY = '" & ueio_tmpALM_Summary & "'"
' The command is created but never disposed; a Using block would release it
' even when ExecuteNonQuery throws.
Dim or_cmd= New NetOracle.OracleCommand(update_oracle, OracleConn)
or_cmd.ExecuteNonQuery()
答案 0 :(得分:2)
通过拼接输入字符串来构建查询文本始终是一种不好的做法。原因之一是你必须转义会破坏查询的字符，例如单引号或数据库查询语法定义的其他字符；但最重要的原因是存在SQL注入攻击的可能。话说回来，这个错误最可能的原因是where子句之前缺少空格。你应该用参数替换所有拼接进来的文本，像这样:
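' Parameterized form of the UPDATE: every ueio_tmpALM_* value is bound through
' a :name placeholder instead of being spliced into the SQL text, so a quote in
' the data cannot break the statement and the data cannot change what the
' statement does. ISSUE_ADDED_TO_ALM is a fixed literal and stays inline.
' The leading space in " where ..." is deliberate: the concatenated version
' lacked it, which produced the ORA-00933 parse error.
update_oracle = "update SCHEMA.TABLE set " & _
"ISSUE_ADDED_TO_ALM = '2'," & _
"ISSUE_STATUS = :tmpALMStatus, " & _
"ISSUE_REJECTED_REASON = :tmpALMRejected," & _
"ISSUE_PHASE = :tmpALMCurrent_Phase, " & _
"ISSUE_PRIORITY = :tmpALMPriority," & _
"ISSUE_SYSTEM_IMPACTED = :tmpALMSystemImpacted," & _
"ISSUE_DQ_ANALYST = :tmpALMDQAnalyst, " & _
"ISSUE_COMMENTS = :tmpALMComments," & _
"ISSUE_OWNER_DEPARTMENT = :tmpALMOwnerDepartment, " & _
"ALM_ISSUE_ID = :tmpALM_ID," & _
"DQ_Team = :tmpALM_DQ_Team" & _
" where ISSUE_SUMMARY = :tmpALM_Summary"
' Using disposes the command (and its parameter collection) when the block
' exits, including when ExecuteNonQuery throws; the original left it undisposed.
Using or_cmd As New NetOracle.OracleCommand(update_oracle, OracleConn)
    ' Parameters are added in the same order as the placeholders appear in the
    ' SQL text. Some Oracle providers bind by position rather than by name
    ' unless told otherwise (ODP.NET exposes OracleCommand.BindByName for this);
    ' which provider the NetOracle alias refers to is not visible here, so keep
    ' this order in sync with the statement -- confirm against the provider used.
    or_cmd.Parameters.AddWithValue(":tmpALMStatus", ueio_tmpALM_Status)
    or_cmd.Parameters.AddWithValue(":tmpALMRejected", ueio_tmpALM_Rejected)
    or_cmd.Parameters.AddWithValue(":tmpALMCurrent_Phase", ueio_tmpALM_Current_Phase)
    or_cmd.Parameters.AddWithValue(":tmpALMPriority", ueio_tmpALM_Priority)
    or_cmd.Parameters.AddWithValue(":tmpALMSystemImpacted", ueio_tmpALM_System_Impacted)
    or_cmd.Parameters.AddWithValue(":tmpALMDQAnalyst", ueio_tmpALM_DQ_Analyst)
    or_cmd.Parameters.AddWithValue(":tmpALMComments", ueio_tmpALM_Comments)
    or_cmd.Parameters.AddWithValue(":tmpALMOwnerDepartment", ueio_tmpALM_Owner_Department)
    or_cmd.Parameters.AddWithValue(":tmpALM_ID", ueio_tmpALM_ID)
    or_cmd.Parameters.AddWithValue(":tmpALM_DQ_Team", ueio_tmpALM_DQ_Team)
    or_cmd.Parameters.AddWithValue(":tmpALM_Summary", ueio_tmpALM_Summary)
    ' NOTE(review): a Nothing value may not bind as SQL NULL on every provider;
    ' if a column is meant to be set to NULL, pass DBNull.Value instead -- confirm.
    or_cmd.ExecuteNonQuery()
End Using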