I am trying to implement prepared staments in my code as a way of adding parameters to sql commands that are retrieved from a table held in any generic server. I cannot seem to get it right. I get the following error:
ORA-00936: missing expression
ORA-00936: missing expression
Prepare Statement: select VALUE from RWOL_CONFIGURATION where ID = @ItemId
My guess is that it just isn’t replacing the value but I dont know what I am missing.
I am trying the following to achieve the desired result. I create my object, get a query string out of our table in the database, add that to the command, add parameters to a list object and then use the final method shown below to tie it all together and run the query:
//This function gets me a config item from the database
private string GetConfigurationItem(string itemId)
{
//new database connection object
OleDataBaseConnection oleDataBaseConnection = new OleDataBaseConnection();
//todo get this query from the sql factory
SqlFactory sqlFactory = new SqlFactory();
//This method gets the query string from the database
string sqlQuery = sqlFactory.GetQueryString("GET_CONFIGURATION_ITEM", m_dialect);
if (!String.IsNullOrEmpty(sqlQuery))
{
//add parameter to list
oleDataBaseConnection.AddStoredProcedureParameter("@ItemId", itemId);
//execute the sql command after adding the parameters to the command
oleDataBaseConnection.OleExecutePrepareStatementWithParametersQuery(sqlQuery);
string returnValue = oleDataBaseConnection.NextRecord() ? oleDataBaseConnection.GetFieldById(0) : "Error";
oleDataBaseConnection.Close();
return returnValue;
}
else
{
return "ERROR";
}
}
//adds the parameters to list objects ready for the next method
public void AddParameter(string parameter, object value)
{
m_parameterName.Add(parameter);
m_parameterValue.Add(value);
} // End of void AddParameter()
/// <summary>
/// Executes a command with the parameters passed to AddParameter(parameterName, parameterValue) and creates a recordset.
/// </summary>
///
/// <param name="commandName">The name of the stored procedure to execute.</param>
public bool OleExecutePrepareStatementWithParametersQuery(string commandName)
{
if (String.IsNullOrEmpty(commandName))
{
return false;
}
try
{
PrepareConnection();
m_oleDatabaseCommand.CommandText = commandName;
m_oleDatabaseCommand.CommandType = CommandType.StoredProcedure;
if (m_storedProcedureParameterName.Count != 0)
{
for (int i = 0; i < m_storedProcedureParameterName.Count; i++)
{
m_oleDatabaseCommand.Parameters.AddWithValue(m_storedProcedureParameterName[i], m_storedProcedureParameterValue[i]);
}
m_storedProcedureParameterName.Clear();
m_storedProcedureParameterValue.Clear();
}
m_hasRecordSet = true;
m_oleDatabaseDataReader = m_oleDatabaseCommand.ExecuteReader();
return true;
}
catch (Exception ex)
{
if (QueueErrors)
{
QueuedErrorsList.AppendLine(ex.Message);
QueuedErrorsList.AppendLine("Prepare Statement: " + storedProcedureName);
QueuedErrorsList.AppendLine();
QueuedErrorCount++;
return false;
}
try
{
Close();
}
catch
{
}
throw new Exception(ex.Message + "\r\n\r\nPrepare Statement: " + storedProcedureName);
}
} // End of void OleExecutePrepareStatementWithParametersQuery()
Sorry if there is a lot of code but it is fairly straightforward and I thought it would help with the problem.
Is there anything obvious that would stop this from working?
The problem is that the OleDB provider does not support named parameters in the query.
This:
Should be:
See OleDbParameter on MSDN for examples.