I am writing a C# code that connects to ODAC. I think my query

Question

0

Asked: June 15, 20262026-06-15T22:52:44+00:00 2026-06-15T22:52:44+00:00

I am writing a C# code that connects to ODAC. I think my query

0

I am writing a C# code that connects to ODAC. I think my query got no errors, but I get this error, I don’t know how to solve.

This is my query

comm.CommandText = "SELECT * FROM ZAEDBA WHERE USER_ID = '" + login_id + 
                   "' AND APPID = '" + app_id + "' ;";

Can any one figure out what is wrong in here?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-15T22:52:46+00:00

Your query is vulnerable for a security issue called SQL injection!

You should NEVER use string concatenation for building a query from strings (some SQL, some parameters)… Use always parameterized queries…

Sample code:

comm.BindByName = true;
comm.CommandText = "SELECT * FROM ZAEDBA WHERE USER_ID = :login_id AND APPID = :app_id";
comm.Parameters.AddWithValue ("login_id", login_id);
comm.Parameters.AddWithValue ("app_id", app_id);

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am writing a C# code that connects to ODAC. I think my query

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply