I have a problem with the binding of the below parameter. The connection works because I had tested it without using parameters. However, the value of the query before being executed is still using '@userName' instead of 'jsmith' for example.
What is the problem? Is this not the right way to go around binding?
public static String GetFullName(String domainUser)
{
DataTable dT;
String fullName = "";
OracleConnection db = DatabaseAdapter.GetConn();
db.Open();
OracleCommand oraCommand = new OracleCommand("SELECT fullname FROM user_profile WHERE domain_user_name = '@userName'", db);
oraCommand.BindByName = true;
oraCommand.Parameters.Add(new OracleParameter("@userName", domainUser));
OracleDataReader oraReader = null;
oraReader = oraCommand.ExecuteReader();
if (oraReader.HasRows)
{
while (oraReader.Read())
{
fullName = oraReader.GetString(0);
}
}
else
{
return "No Rows Found";
}
oraReader.Close();
db.Close();
db.Dispose();
return fullName;
}
EDIT: I added @ to the parameter field name, but it still does not fix it.
Remove single quotes around @username, and with respect to oracle use : with parameter name instead of @, like:
OracleCommand oraCommand = new OracleCommand("SELECT fullname FROM sup_sys.user_profile
WHERE domain_user_name = :userName", db);
oraCommand.Parameters.Add(new OracleParameter("userName", domainUser));
Source: Using Parameters