OracleCommand SQL参数绑定

时间:2012-06-15 10:25:50

标签: c# oracle system.data.oracleclient

我遇到下面参数绑定的问题。连接有效,因为我在不使用参数的情况下测试了它。但是,执行前查询的值仍然使用'@userName'而不是'jsmith'。

有什么问题?这不是绕过绑定的正确方法吗?

public static String GetFullName(String domainUser)
{
    DataTable dT;
    String fullName = "";

    OracleConnection db = DatabaseAdapter.GetConn();
    db.Open();

    OracleCommand oraCommand = new OracleCommand("SELECT fullname FROM user_profile WHERE domain_user_name = '@userName'", db);
    oraCommand.BindByName = true;
    oraCommand.Parameters.Add(new OracleParameter("@userName", domainUser));

    OracleDataReader oraReader = null;
    oraReader = oraCommand.ExecuteReader();

    if (oraReader.HasRows)
    {
        while (oraReader.Read())
        {
            fullName = oraReader.GetString(0);
        }
    }
    else
    {
        return "No Rows Found";
    }

    oraReader.Close();
    db.Close();
    db.Dispose();

    return fullName;
}

编辑:我将@添加到参数字段名称,但它仍然无法修复它。

6 个答案:

答案 0 :(得分:67)

删除@username,周围的单引号,并使用参数名称而不是:来使用@,例如:

OracleCommand oraCommand = new OracleCommand("SELECT fullname FROM sup_sys.user_profile
                           WHERE domain_user_name = :userName", db);
oraCommand.Parameters.Add(new OracleParameter("userName", domainUser));

来源:Using Parameters

答案 1 :(得分:19)

Oracle的参数语法与Sql-Server不同。所以使用:而不是@

using(var con=new OracleConnection(connectionString))
{
   con.open();
   var sql = "insert into users values (:id,:name,:surname,:username)";

   using(var cmd = new OracleCommand(sql,con)
   {
      OracleParameter[] parameters = new OracleParameter[] {
             new OracleParameter("id",1234),
             new OracleParameter("name","John"),
             new OracleParameter("surname","Doe"),
             new OracleParameter("username","johnd")
      };

      cmd.Parameters.AddRange(parameters);
      cmd.ExecuteNonQuery();
   }
}

在OracleCommand中使用命名参数时,必须在参数名称前面加冒号(:)。

http://msdn.microsoft.com/en-us/library/system.data.oracleclient.oraclecommand.parameters.aspx

答案 2 :(得分:1)

您需要使用以下内容:

 OracleCommand oraCommand = new OracleCommand("SELECT fullname FROM sup_sys.user_profile
                       WHERE domain_user_name = :userName", db);

在此MSDN文章中可以找到更多内容: http://msdn.microsoft.com/en-us/library/system.data.oracleclient.oraclecommand.parameters%28v=vs.100%29.aspx

建议您使用字符代替 @ 代替Oracle。

答案 3 :(得分:1)

string strConn = "Data Source=ORCL134; User ID=user; Password=psd;";

System.Data.OracleClient.OracleConnection con = newSystem.Data.OracleClient.OracleConnection(strConn);
    con.Open();

    System.Data.OracleClient.OracleCommand Cmd = 
        new System.Data.OracleClient.OracleCommand(
            "SELECT * FROM TBLE_Name WHERE ColumnName_year= :year", con);

//for oracle..it is :object_name and for sql it s @object_name
    Cmd.Parameters.Add(new System.Data.OracleClient.OracleParameter("year", (txtFinYear.Text).ToString()));

    System.Data.OracleClient.OracleDataAdapter da = new System.Data.OracleClient.OracleDataAdapter(Cmd);
    DataSet myDS = new DataSet();
    da.Fill(myDS);
    try
    {
        lblBatch.Text = "Batch Number is : " + Convert.ToString(myDS.Tables[0].Rows[0][19]);
        lblBatch.ForeColor = System.Drawing.Color.Green;
        lblBatch.Visible = true;
    }
    catch 
    {
        lblBatch.Text = "No Data Found for the Year : " + txtFinYear.Text;
        lblBatch.ForeColor = System.Drawing.Color.Red;
        lblBatch.Visible = true;   
    }
    da.Dispose();
    con.Close();

答案 4 :(得分:0)

// PT:Eu tive este mesmo problema ao utilizar o Namespace Oracle.DataAccess.Client;

// ES:Teníaestemismo problema cuando se utiliza el Namespace Oracle.DataAccess.Client;

// EN:我使用Oracle.DataAccess.Client命名空间遇到了同样的问题;

// PT:Eu resolvi desta forma:

// ES:他resuelto de esta manera:

// EN:我这样解决了

使用Oracle.DataAccess.Client;

string strConnection = ConfigurationManager.ConnectionStrings["oConnection"].ConnectionString;

dataConnection = new OracleConnectionStringBuilder(strConnection);

OracleConnection oConnection = new OracleConnection(dataConnection.ToString());

oConnection.Open();

OracleCommand tmpCommand = oConnection.CreateCommand();
tmpCommand.Parameters.Add("user", OracleDbType.Varchar2, txtUser.Text, ParameterDirection.Input);
tmpCommand.CommandText = "SELECT USER, PASS FROM TB_USERS WHERE USER = :1";

try
{
    OracleDataReader tmpReader = tmpCommand.ExecuteReader(CommandBehavior.SingleRow);

    if (tmpReader.HasRows)
    {
        // PT: IMPLEMENTE SEU CÓDIGO    
        // ES: IMPLEMENTAR EL CÓDIGO
        // EN: IMPLEMENT YOUR CODE
    }
}
catch(Exception e)
{
        // PT: IMPLEMENTE SEU CÓDIGO    
        // ES: IMPLEMENTAR EL CÓDIGO
        // EN: IMPLEMENT YOUR CODE
}

答案 5 :(得分:-3)

您需要使用“@”符号:

oraCommand.Parameters.Add(new OracleParameter("@userName", domainUser));