[Fix]-ORA-00911 invalid character
ORA-00911: invalid character
Scenario:
OracleConnection con = new OracleConnection(constr);
con.Open();
OracleCommand cmd = new OracleCommand("select * from wikitechyUser;", con);
var a = cmd.ExecuteReader();
The error ORA-00911: invalid character occurs at the line var a = cmd.ExecuteReader();
Reason for the error:
Special character appears in the select query passed to OracleCommand object.
Fix 1:
Remove the special character “;” from the below line:
OracleCommand cmd = new OracleCommand("select * from wikitechyUser", con);
Fix 2:
Using string concatenation with “;” is a bad way to code, as it welcomes hackers to inject unwanted data. Parameterized queries are better way of programming as shown below:
cmd.CommandText = "SELECT * FROM wikitechyUser WHERE USER_ID = :user AND Pwd = :pwd";
cmd.Parameters.AddWithValue ("user", username);
cmd.Parameters.AddWithValue ("pwd", pwd);