[Fix]-ORA-00911 invalid character

Wikitechy | 1438 Views | oracle | 28 May 2016


ORA-00911: invalid character


OracleConnection con = new OracleConnection(constr);
OracleCommand cmd = new OracleCommand("select * from wikitechyUser;", con);
var a = cmd.ExecuteReader();

The error ORA-00911: invalid character occurs at the line var a = cmd.ExecuteReader();

Reason for the error:

Special character appears in the select query passed to OracleCommand object.

Fix 1:

Remove the special character “;” from the below line:

OracleCommand cmd = new OracleCommand("select * from wikitechyUser", con);

Fix 2:

Using string concatenation with “;” is a bad way to code, as it welcomes hackers to inject unwanted data. Parameterized queries are better way of programming as shown below:

cmd.CommandText = "SELECT * FROM wikitechyUser WHERE USER_ID = :user AND Pwd = :pwd";
cmd.Parameters.AddWithValue ("user", username);
cmd.Parameters.AddWithValue ("pwd", pwd);


Bug Bounty
IOT Hackathon

Join our Community