ORA-00984:此处不允许的列 [英] ORA-00984: column not allowed here

问题描述

我正在尝试使用以下代码将数据插入oracle db

Hi,
I am trying to insert data to oracle db using following code

connection.Open();
string sid = txtSID.Text.ToString();
string strSQL = "INSERT INTO DBSERVERS(SID) VALUES(" + txtSID.Text + ")";
OracleCommand cmd =new OracleCommand(strSQL,connection);
cmd.ExecuteNonQuery();

这会出现"ORA-00984:此处不允许使用列"错误.请帮助我.

This gives "ORA-00984: column not allowed here" error. Please help me.

推荐答案

以下几点:

A couple of things:

string sid = txtSID.Text.ToString();

这是怎么办的? Text属性已经是一个字符串-使用ToString只会浪费时间和内存，而不会做任何事情！

What is this going to do? The Text property is a string already - using ToString is going to do nothing except waste time and memory!

string strSQL = "INSERT INTO DBSERVERS(SID) VALUES(" + txtSID.Text + ")";

您为什么不使用在上一行中准备的"sid"?没什么区别，但仍然...

Why did you not use the "sid" you prepared in the line above? It makes no difference, but still...

string strSQL = "INSERT INTO DBSERVERS(SID) VALUES(" + txtSID.Text + ")";

从不这样做！
两个原因:
1)您对SQL注入攻击大开眼界-Google"Bobby Tables"了解我的意思.
2)这可能是造成您的问题的原因，因为= your文本框的内容是作为SQL命令的一部分传递的.

而是使用:

Never do this!
Two reasons:
1) You lay yourself wide open to an SQL Injection attack - Google "Bobby Tables" to find out what I mean.
2) It is probably causing your problem, because the content of =your text box is being passed as part of the SQL command.

Instead, use:

string strSQL = "INSERT INTO DBSERVERS(SID) VALUES(@ID)";
OracleCommand cmd =new OracleCommand(strSQL,connection);
cmd.Parameters.AddWithValue("@ID", sid);
cmd.ExecuteNonQuery();

通过这种方式，文本框的内容逐字传递，不能被视为命令.

This way, the content of the textbox is passed in verbatim and cannot be treated as a command.

这篇关于ORA-00984:此处不允许的列的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！