ORA-00984:此处不允许的列 [英] ORA-00984: column not allowed here
问题描述
我正在尝试使用以下代码将数据插入oracle db
Hi,
I am trying to insert data to oracle db using following code
connection.Open();
string sid = txtSID.Text.ToString();
string strSQL = "INSERT INTO DBSERVERS(SID) VALUES(" + txtSID.Text + ")";
OracleCommand cmd =new OracleCommand(strSQL,connection);
cmd.ExecuteNonQuery();
这会出现"ORA-00984:此处不允许使用列"错误.请帮助我.
This gives "ORA-00984: column not allowed here" error. Please help me.
推荐答案
以下几点:
A couple of things:
string sid = txtSID.Text.ToString();
这是怎么办的? Text属性已经是一个字符串-使用ToString只会浪费时间和内存,而不会做任何事情!
What is this going to do? The Text property is a string already - using ToString is going to do nothing except waste time and memory!
string strSQL = "INSERT INTO DBSERVERS(SID) VALUES(" + txtSID.Text + ")";
您为什么不使用在上一行中准备的"sid"?没什么区别,但仍然...
Why did you not use the "sid" you prepared in the line above? It makes no difference, but still...
string strSQL = "INSERT INTO DBSERVERS(SID) VALUES(" + txtSID.Text + ")";
从不这样做!
两个原因:
1)您对SQL注入攻击大开眼界-Google"Bobby Tables"了解我的意思.
2)这可能是造成您的问题的原因,因为= your文本框的内容是作为SQL命令的一部分传递的.
而是使用:
Never do this!
Two reasons:
1) You lay yourself wide open to an SQL Injection attack - Google "Bobby Tables" to find out what I mean.
2) It is probably causing your problem, because the content of =your text box is being passed as part of the SQL command.
Instead, use:
string strSQL = "INSERT INTO DBSERVERS(SID) VALUES(@ID)";
OracleCommand cmd =new OracleCommand(strSQL,connection);
cmd.Parameters.AddWithValue("@ID", sid);
cmd.ExecuteNonQuery();
通过这种方式,文本框的内容逐字传递,不能被视为命令.
This way, the content of the textbox is passed in verbatim and cannot be treated as a command.
这篇关于ORA-00984:此处不允许的列的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!