ora-01036

Constructing a good search query using system.data.oracleclient

I am constructing a search function in a class to be used by several of our ASP pages. The idea is simple: take a search term from the user and query the database for the item. Currently I am doing this the wrong way, which is vulnerable to SQL injection attacks (and ELMAH is in there to save the day if something goes wrong): Public S...

Java JDBC Oracle 9i upgrade to 10g issues...

We have just upgraded from Oracle 9i to 10g, and a database query I have works with the 9i client but not the 10g. Nothing in the query has changed. I get the following error: java.sql.SQLException: ORA-01036: illegal variable name/number. Not really sure what is going on. Why wouldn't it run anymore? It's just a select statement which j...

UPDATE statement in Oracle

We are building a client program where parameters for storage in a web server with Oracle backend are set in the .Net client program and uploaded as a dataset via webservice. In the webservice code, data is read from the dataset and added to UPDATE statements on the web server (Oracle backend). Because the server will run on the custom...

Usage of Oracle binding variables with LIKE in C#

As part of an effort to stop using dynamic SQL generation and encourage use of bind variables, I am running into some problems. I am querying an Oracle 9i database from an ASP.NET page using Oracle Data Providers for .NET. The query is sql = "SELECT somedata FROM sometable WHERE machine = :machineName "; I define the Oracle Paramete...