I have the following code in a VB .NET application. I am trying to update columns in an Oracle table with data with SQL data. When I run the application, I get (ORA-00933: SQL command not properly ended) for the ‘or_cmd_3.ExecuteNonQuery()’ line.
If I strip out the code and run it in TOAD or SQL Developer, replacing the temp variable with some bogus data, it updates fine. What am I missing?
Many thanks in advance.
ElseIf (oracle_summary_temp = ueio_tmpALM_Summary) And (oracle_request_ID_temp = ueio_tmpALM_ID) And added_to_alm = "1" AndAlso ({"Deferred", "Rejected", "Closed"}.Contains(ueio_tmpALM_Status)) Then
    Dim update_oracle As String = Nothing
    update_oracle =
        "update SCHEMA.TABLE set ISSUE_ADDED_TO_ALM = '2'," & _
        "ISSUE_STATUS = '" & ueio_tmpALM_Status & "'," & _
        "ISSUE_REJECTED_REASON = '" & ueio_tmpALM_Rejected & "'," & _
        "ISSUE_PHASE = '" & ueio_tmpALM_Current_Phase & "'," & _
        "ISSUE_PRIORITY = '" & ueio_tmpALM_Priority & "'," & _
        "ISSUE_SYSTEM_IMPACTED = '" & ueio_tmpALM_System_Impacted & "'," & _
        "ISSUE_DQ_ANALYST = '" & ueio_tmpALM_DQ_Analyst & "'," & _
        "ISSUE_COMMENTS = '" & ueio_tmpALM_Comments & "'," & _
        "ISSUE_OWNER_DEPARTMENT = '" & ueio_tmpALM_Owner_Department & "'," & _
        "ALM_ISSUE_ID = '" & ueio_tmpALM_ID & "'," & _
        "DQ_Team = '" & ueio_tmpALM_DQ_Team & "'" & _
        "where ISSUE_SUMMARY = '" & ueio_tmpALM_Summary & "'"
    Dim or_cmd = New NetOracle.OracleCommand(update_oracle, OracleConn)
    or_cmd.ExecuteNonQuery()
Building a query text by concatenating input strings is always a bad practice.
One reason is that you need to remove characters that break the query, like a single quote or others defined by your database query syntax.
But the most important reason is the possibility of SQL injection attacks.
That said, the possible reason of your error is the missing space before the where clause.
You should replace all of your text using parameters in this way:
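A parameterized form of the question's UPDATE, added here as an example; it is not code from the original question or answer. It is written against the provider-neutral System.Data interfaces because the page does not show which Oracle provider the NetOracle alias refers to, and the names UpdateIssue, AddParam and the :p0 to :p9 placeholders are illustrative assumptions.

```vb
Imports System
Imports System.Data
Imports System.Linq

Module ParameterizedUpdate
    ' Columns from the question's UPDATE, in the order their values are bound.
    ' These names are fixed in code; only the values come from outside.
    Private ReadOnly Columns As String() = {
        "ISSUE_STATUS", "ISSUE_REJECTED_REASON", "ISSUE_PHASE", "ISSUE_PRIORITY",
        "ISSUE_SYSTEM_IMPACTED", "ISSUE_DQ_ANALYST", "ISSUE_COMMENTS",
        "ISSUE_OWNER_DEPARTMENT", "ALM_ISSUE_ID", "DQ_Team"}

    ' Adds one bind variable. The value travels separately from the SQL text,
    ' so a single quote inside it cannot end a literal or alter the statement.
    Private Sub AddParam(cmd As IDbCommand, name As String, value As String)
        Dim p As IDbDataParameter = cmd.CreateParameter()
        p.ParameterName = name
        p.DbType = DbType.String
        p.Value = If(CObj(value), DBNull.Value)   ' Nothing is sent as NULL
        cmd.Parameters.Add(p)
    End Sub

    ' values(i) is the new value for Columns(i); summary selects the row(s).
    ' Returns the number of rows updated. (Hypothetical helper, not page code.)
    Function UpdateIssue(conn As IDbConnection, values As String(),
                         summary As String) As Integer
        If values.Length <> Columns.Length Then
            Throw New ArgumentException("one value per column is required")
        End If
        Using cmd As IDbCommand = conn.CreateCommand()
            Dim sets = Columns.Select(Function(c, i) c & " = :p" & i)
            ' Explicit spaces at every clause boundary, including before "where".
            cmd.CommandText = "update SCHEMA.TABLE set ISSUE_ADDED_TO_ALM = '2', " &
                              String.Join(", ", sets) &
                              " where ISSUE_SUMMARY = :summary"
            ' Bind in the same order the placeholders appear, so the command is
            ' correct whether the provider binds by position or by name.
            For i As Integer = 0 To values.Length - 1
                AddParam(cmd, "p" & i, values(i))
            Next
            AddParam(cmd, "summary", summary)
            Return cmd.ExecuteNonQuery()
        End Using
    End Function
End Module
```

The statement text is now constant for every call, so a value such as a comment containing an apostrophe no longer needs escaping and cannot change what the UPDATE does.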