ORA-01036: illegal variable name/number

Question  Votes: 0  Answers: 1

There are many posts related to this problem, but none of them fits my case. I am using an Oracle database with C# in Visual Studio.

void addUser()
{
        OracleCommand cmd = new OracleCommand();
        string query ="INSERT INTO users (user_id, f_name, hash, acc_type, cell_no, country, state, city, zip, address, email, img) VALUES ('" + Convert.ToString(username) + "','" + Convert.ToString(f_name) + "','" + password + "','" + acc_type + "','" + contactno + "','" + country + "','" + state + "','" + city + "','" + zip + "','" + address + "','" + email + "',imgByte)";
        OracleCommand sc = new OracleCommand(query, usersdb);
        sc.Parameters.AddWithValue("imgByte", imgByte);
        try
        {
            usersdb.Open();
            sc.ExecuteNonQuery();
            usersdb.Close();
            lblSignupError.Visible = true;
            lblSignupError.Text = "Signed up successfully. You can login now.";

            Clear();
            LoginNow();
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex);
            if (usersdb.State == ConnectionState.Open)
            {
                usersdb.Close();
            }
        }
}

Here is the sign-up code that adds a user to the database, but it gives this error:

Exception thrown: 'System.Data.OracleClient.OracleException' in System.Data.OracleClient.dll
System.Data.OracleClient.OracleException (0x80131938): ORA-01036: illegal variable name/number

   at System.Data.OracleClient.OracleConnection.CheckError(OciErrorHandle errorHandle, Int32 rc)
   at System.Data.OracleClient.OracleParameterBinding.Bind(OciStatementHandle statementHandle, NativeBuffer parameterBuffer, OracleConnection connection, Boolean& mustRelease, SafeHandle& handleToBind)
   at System.Data.OracleClient.OracleCommand.Execute(OciStatementHandle statementHandle, CommandBehavior behavior, Boolean needRowid, OciRowidDescriptor& rowidDescriptor, ArrayList& resultParameterOrdinals)
   at System.Data.OracleClient.OracleCommand.ExecuteNonQueryInternal(Boolean needRowid, OciRowidDescriptor& rowidDescriptor)
   at System.Data.OracleClient.OracleCommand.ExecuteNonQuery()
   at StopNShop.SignUpForm.addUser() in E:\Visual Studio Projects\StopNShop\StopNShop\SignUpForm.cs:line 402

c# oracle desktop ora-01036
1 Answer
0
votes

You should really use parameters for all input values; not only is it more readable, it also prevents SQL injection attacks.

To answer your question, Oracle parameters should be prefixed with a colon, i.e. :imgByte
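
The answer's advice applied to the question's INSERT, as an added example (not code from the original post): every value is a bind variable, and a helper reports names that are bound without a matching `:placeholder` in the SQL, which is the shape that raised ORA-01036 here. `SignUpSql`, `BuildInsert`, `BindMismatches` and the sample values are hypothetical names and constructed data; the commands are built without opening a connection.

```csharp
using System;
using System.Collections.Generic;
using System.Data.OracleClient;   // same provider as the question
using System.Linq;
using System.Text.RegularExpressions;
static class SignUpSql
{
    // Fixed column list from the question's INSERT; never built from user input.
    static readonly string[] Columns = { "user_id", "f_name", "hash", "acc_type",
        "cell_no", "country", "state", "city", "zip", "address", "email", "img" };
    // Every value travels as a bind variable: ":name" in the SQL text,
    // "name" (no colon) when added to the Parameters collection.
    public static OracleCommand BuildInsert(IDictionary<string, object> values)
    {
        string sql = "INSERT INTO users (" + string.Join(", ", Columns) + ") VALUES ("
                   + string.Join(", ", Columns.Select(c => ":" + c)) + ")";
        var cmd = new OracleCommand(sql);
        foreach (string c in Columns)
            cmd.Parameters.AddWithValue(c, values[c] ?? DBNull.Value);
        return cmd;
    }

    // Names present on only one side (SQL placeholders vs. bound parameters).
    // Simplification: the regex does not skip colons inside quoted SQL literals.
    public static string[] BindMismatches(OracleCommand cmd)
    {
        var inSql = Regex.Matches(cmd.CommandText, @":(\w+)").Cast<Match>()
                         .Select(m => m.Groups[1].Value.ToLowerInvariant());
        var bound = cmd.Parameters.Cast<OracleParameter>()
                       .Select(p => p.ParameterName.TrimStart(':').ToLowerInvariant());
        var set = new HashSet<string>(inSql);
        set.SymmetricExceptWith(bound);
        return set.ToArray();
    }

    static void Main()
    {
        // Constructed sample values; the apostrophe stays data, not SQL.
        var values = Columns.ToDictionary(c => c, c => (object)("sample " + c + " O'Brien"));
        values["img"] = new byte[] { 0x89, 0x50, 0x4E, 0x47 };
        OracleCommand good = BuildInsert(values);
        Console.WriteLine(good.CommandText);
        Console.WriteLine("mismatches: " + BindMismatches(good).Length);
        // Shape of the question's statement: parameter bound, placeholder lacks the colon.
        var bad = new OracleCommand("INSERT INTO users (img) VALUES (imgByte)");
        bad.Parameters.AddWithValue("imgByte", new byte[0]);
        Console.WriteLine("mismatches: " + string.Join(",", BindMismatches(bad)));
    }
}
```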
