oracle 防sql注入问题!!!
strGetUser="SELECT * FROM M_USER WHERE USERNAME=:USERNAME";
DataTable dtlogin = GetDataTable(GetCommand(strGetUser),AppendParameters(":USERNAME",
new object[] { strUserName }));
protected DataTable GetDataTable(OracleCommand cmd, OracleParameter[] cmdParms)
{
using (OracleConnection con = GetConnection())
{
PrepareCommand(cmd, con, null, null, cmdParms);
cmd.Connection = con;
//con.Open();
DataTable dt = new DataTable();
GetAdapter(cmd.CommandText).Fill(dt);
//return后,此处提示ORA-22806: not an object or REF异常
return dt;
}
}
protected OracleDataAdapter GetAdapter(String cmdtext)
{
OracleDataAdapter adp = new OracleDataAdapter(GetCommand(cmdtext).CommandText, GetConnection());
return adp;
}
ORA-22806: not an object or REF是什么情况!!!
------解决方案--------------------
ORA-22806:
not an object or REF
Cause: An attempt was made to extract an attribute from an item that is neither an object nor a REF.
Action: Use an object type or REF type item and retry the operation.
------解决方案--------------------仍然不明白,是不是OracleDataAdapter的结果不能填充到DataTable里。。。。。。。。。。
------解决方案--------------------
Oracle 开发错误解决方法: pls-00436 with forall