am writing code in vb.net .am using select statement in oracle command . when i pass arguments values through variable am getting error.
my code
------
chk1 = TextBox1.Text
d1 = Date.Parse(chk1)
--------
--------
try
cn.Open()
cmd = New OracleCommand("select PHONE from reports.renewal_contact_t where run_date=to_date('+ d1 +','mm/dd/yyyy') and EXP_DATE =to_date('07/21/2012','mm/dd/yyyy')", cn)
------------
ada.Fill(ds, "reports.renewal_contact_t ")
end try
eror(in ada.fill statement)
-----
ORA-01858: a non-numeric character was found where a numeric was expected
You haven’t managed to put your date into your SQL query. You’re getting an error because Oracle cannot convert the string
+ d1 +into a date of the formmm/dd/yyyy. I get exactly the same error in SQL*Plus:There is a way to concatenate the date into the SQL string to get a query that would appear to work, but I’m not going to show you that. I don’t want you to get into the habit of doing this as this puts your code at risk of SQL injection (obligatory XKCD comic link).
Instead, I recommend that you set the date in your SQL query using a bind parameter. The example code below uses a bind parameter named
p_run_dateto pass the dated1into the query, and writes the names of the phones returned by the query toConsole.WriteLine.I wrote code to do this in C#, tested it to verify that it did what I expected it to, and then attempted to convert it to VB.NET. I haven’t tested this VB.NET code, so there may well be one or two (hopefully minor) errors with the conversion: