I am trying to run a SQL query on my UWP code. I don't use Linq or EF. The connection to the base work and the simple requests work. This causes me problems: in a first time i populate a listview with the result of a simple request, i choose an element and i click on a searchin button. This request is call with an error:
static public ObservableCollection GetGaz(string connectionString,
string selectedOrder)
{
string GetGazQuery =
"SELECT " +
"tbl_607_gaz_type.gaz_type," +
"tbl_607_theorical_content.theorical_content," +
"tbl_607_made_tolerance.made_tolerance," +
"tbl_607_order_details.gaz_lifetime," +
"tbl_607_gaz.gaz_comments," +
"tbl_607_order_details.FK_ID_order," +
"tbl_607_order_details.poste_number, " +
"tbl_607_order.order_number" +
"FROM " +
"tbl_607_provider join tbl_607_order on tbl_607_provider.ID = tbl_607_order.FK_ID_provider " +
"join tbl_607_order_details on tbl_607_order.ID = tbl_607_order_details.FK_ID_order" +
"join tbl_607_gaz on tbl_607_order_details.FK_ID_gaz = tbl_607_gaz.ID " +
"join tbl_607_gaz_type on tbl_607_gaz.FK_ID_gaz_type = tbl_607_gaz_type.ID " +
"join tbl_607_made_tolerance on tbl_607_gaz.FK_ID_made_tolerence = tbl_607_made_tolerance.ID " +
"join tbl_607_theorical_content on tbl_607_gaz.FK_ID_theorical_content = tbl_607_theorical_content.ID " +
"WHERE " +
"tbl_607_order.order_number" + " LIKE " + "'%" + selectedOrder + "%'";
ObservableCollection GazList = new ObservableCollection();
try
{
using (SqlConnection conn = new SqlConnection(connectionString))
{
conn.Open();
if (conn.State == System.Data.ConnectionState.Open)
{
using (SqlCommand cmd = conn.CreateCommand())
{
cmd.CommandText = GetGazQuery;
using (SqlDataReader reader = cmd.ExecuteReader())
{
while (reader.Read())
{
Gaz gaz = new Gaz
{
Gaz_type = reader.GetString(0),
Theorical_content = reader.GetString(1),
Made_tolerance = reader.GetDouble(2),
Gaz_lifetime = reader.GetInt32(3),
Gaz_comments = reader.GetString(4),
Poste_number = reader.GetInt32(6)
};
GazList.Add(gaz);
}
}
}
}
}
return GazList;
}
catch (Exception eSql)
{
Debug.WriteLine("Exception: " + eSql.Message);
}
return null;
}
}
private string selectedOrder;
public Gestion_Stock()
{
this.InitializeComponent();
SelectOrders.ItemsSource = OrdersDataHelper.GetOrders(connectionString: (Windows.UI.Xaml.Application.Current as App).ConnectionString);
}
private void Search_Click(object sender, RoutedEventArgs e)
{
Affichage_Stock_Gaz.ItemsSource = GazDataHelper.GetGaz((Windows.UI.Xaml.Application.Current as App).ConnectionString, selectedOrder);
}
private void SelectOrders_SelectionChanged (object sender, SelectionChangedEventArgs e)
{
ListView selectOrders = sender as ListView;
Orders orders = SelectOrders.SelectedItem as Orders;
selectedOrder = orders.Order_Number;
}
The output:
Exception thrown: 'System.Data.SqlClient.SqlException' in System.Data.SqlClient.dll
Exception: Incorrect syntax near the keyword 'join'
This simple request is working, i don't use a variable and "where" command.
This work:
static public ObservableCollection GetOrders(string connectionString)
{
const string GetOrdersQuery = "" +
"select " +
"tbl_607_order.start_date," +
"tbl_607_order.end_date," +
"tbl_607_provider.provider_name," +
"tbl_607_order.order_number," +
"tbl_607_order.shipping_request_active," +
"tbl_607_order.item_reception_active " +
"from " +
"tbl_607_provider join tbl_607_order on tbl_607_provider.ID = tbl_607_order.FK_ID_provider "
;
Someone would have any idea?
Thanks a lot!
Add the missing space by changing
"SELECT " +
"tbl_607_gaz_type.gaz_type," +
"tbl_607_theorical_content.theorical_content," +
"tbl_607_made_tolerance.made_tolerance," +
"tbl_607_order_details.gaz_lifetime," +
"tbl_607_gaz.gaz_comments," +
"tbl_607_order_details.FK_ID_order," +
"tbl_607_order_details.poste_number, " +
"tbl_607_order.order_number" +
"FROM " +
"tbl_607_provider join tbl_607_order on tbl_607_provider.ID = tbl_607_order.FK_ID_provider " +
"join tbl_607_order_details on tbl_607_order.ID = tbl_607_order_details.FK_ID_order" +
"join tbl_607_gaz on tbl_607_order_details.FK_ID_gaz = tbl_607_gaz.ID " +
"join tbl_607_gaz_type on tbl_607_gaz.FK_ID_gaz_type = tbl_607_gaz_type.ID " +
"join tbl_607_made_tolerance on tbl_607_gaz.FK_ID_made_tolerence = tbl_607_made_tolerance.ID " +
"join tbl_607_theorical_content on tbl_607_gaz.FK_ID_theorical_content = tbl_607_theorical_content.ID " +
"WHERE " +
"tbl_607_order.order_number" + " LIKE " + "'%" + selectedOrder + "%'";
to
"SELECT " +
"tbl_607_gaz_type.gaz_type," +
"tbl_607_theorical_content.theorical_content," +
"tbl_607_made_tolerance.made_tolerance," +
"tbl_607_order_details.gaz_lifetime," +
"tbl_607_gaz.gaz_comments," +
"tbl_607_order_details.FK_ID_order," +
"tbl_607_order_details.poste_number, " +
"tbl_607_order.order_number" +
"FROM " +
"tbl_607_provider join tbl_607_order on tbl_607_provider.ID = tbl_607_order.FK_ID_provider " +
"join tbl_607_order_details on tbl_607_order.ID = tbl_607_order_details.FK_ID_order " + // note the missing space added here
"join tbl_607_gaz on tbl_607_order_details.FK_ID_gaz = tbl_607_gaz.ID " +
"join tbl_607_gaz_type on tbl_607_gaz.FK_ID_gaz_type = tbl_607_gaz_type.ID " +
"join tbl_607_made_tolerance on tbl_607_gaz.FK_ID_made_tolerence = tbl_607_made_tolerance.ID " +
"join tbl_607_theorical_content on tbl_607_gaz.FK_ID_theorical_content = tbl_607_theorical_content.ID " +
"WHERE " +
"tbl_607_order.order_number" + " LIKE " + "'%" + selectedOrder + "%'";
Related
I'm developing an Angular app with Web api.
I have created a service (sellerService) in which I can update some data in my database with HttpClient put.
Above works but it update all the data of my table, something like follows;
Before I update my seller:
After I update my seller:
My sellerService code:
updateSeller(user: string, nbsales: number, pVote: number, nVote: number, idUser: number): Observable<any> {
return this.http.put('http://localhost:50867/api/seller_user/', {
'username': user,
'nbSales': nbsales,
'positiveVote': pVote,
'negativeVote': nVote,
'idUser': idUser
});
}
My update query (DAO (c#)):
public static readonly string UPDATE = "update " + TABLE_NAME + " set "
+ COLUMN_USERNAME + " =#username"
+ ", " + COLUMN_NB_SALES + "=#nbSales"
+ ", " + COLUMN_POSITIVE_VOTE + "=#positiveVote"
+ ", " + COLUMN_NEGATIVE_VOTE + " =#negativeVote"
+ ", " + COLUMN_ID_USER + "=#idUser";
//Update a seller_user
public static bool Update(Seller_user todo)
{
bool state = false;
using (SqlConnection connection = DataBase.GetConnection())
{
connection.Open();
SqlCommand command = new SqlCommand(UPDATE, connection);
//command.Parameters.AddWithValue("#idSeller", todo.idSeller);
command.Parameters.AddWithValue("#username", todo.username);
command.Parameters.AddWithValue("#nbSales", todo.nbSales);
command.Parameters.AddWithValue("#positiveVote", todo.positiveVote);
command.Parameters.AddWithValue("#negativeVote", todo.negativeVote);
command.Parameters.AddWithValue("#idUser", todo.idUser);
state = command.ExecuteNonQuery() != 0;
}
return state;
}
Thanks in advance ;)
You missed where clause in SQL query. So it will update all records.
public static readonly string UPDATE = "update " + TABLE_NAME + " set "
+ COLUMN_USERNAME + " =#username"
+ ", " + COLUMN_NB_SALES + "=#nbSales"
+ ", " + COLUMN_POSITIVE_VOTE + "=#positiveVote"
+ ", " + COLUMN_NEGATIVE_VOTE + " =#negativeVote"
+ ", " + COLUMN_ID_USER + "=#idUser"
+ "WHERE " + COLUMN_ID_USER + "=" + "= #idUser";
So I have been given administration on a website that is basically a company conference room reservation system, it is connected to an access database for room details and vacancies. Problem is, AppScan source is showing a risk of XSS and SQL Injection. This is the complete function in where it is indicating the occurrence of these errors.
protected void btnReserve_Click(object sender, System.EventArgs e)
{
string start_slot, end_slot, event_desc, room_id, emp_nid;
string[] date;
start_slot = ddlStart.SelectedValue;
end_slot = ddlEnd.SelectedValue;
event_desc = txtEventDesc.Text;
room_id = Server.HtmlEncode(Request.QueryString["room_id"]);
emp_nid = Regex.Replace(Request.ServerVariables["LOGON_USER"], #"^.*\\(.*)$", "$1").ToUpper();
date = Request.QueryString["date"].Split('/');
DateTime dt = new DateTime(Convert.ToInt32(date[2]),Convert.ToInt32(date[0]),Convert.ToInt32(date[1]));
string sCmdCheckConflict = #"
SELECT count(*)
FROM t_msc_event
WHERE (event_date = #" +DateTime.Parse(Request.QueryString["date"]).ToString() + #"# )
AND (room_id = " + room_id + #") AND
(
(" + start_slot + #" BETWEEN start_slot AND end_slot) OR
(" + end_slot + #" BETWEEN start_slot AND end_slot) OR
(start_slot BETWEEN " + start_slot + #" AND " + end_slot + #") OR
(end_slot BETWEEN " + start_slot + #" AND " + end_slot + "))";
OleDbCommand cmdConflictCounter = new OleDbCommand(sCmdCheckConflict, cn);
int n;
int event_id;
try
{
cn.Open();
n = (int) cmdConflictCounter.ExecuteScalar();
string Msg;
if (n>0)
{
Msg = "<script language=javascript>alert('Chosen time is not possible due to a conflict.');</script>";
}
else
{
#region MS Access related region
OleDbCommand cmdgetMaxId = new OleDbCommand("select max(event_id) from t_msc_event", cn);
string sCmdInsert;
OleDbCommand cmdInsertEvent = null;
event_id = 0; bool success = false; int trials = 0;
do
{
try
{
event_id = (int) cmdgetMaxId.ExecuteScalar() + 1;
}
catch
{
event_id = 0;
}
sCmdInsert = #"
insert into t_msc_event (event_id,
emp_nid, event_desc, event_date,
start_slot, end_slot, room_id
) values (" + event_id + #",
'" + Server.HtmlEncode(emp_nid) + "', '" + Server.HtmlEncode(event_desc.Replace("'", "''")) + "', #" + dt.ToShortDateString() + "#, " +
start_slot + ", " + end_slot + ", " + room_id + ")";
cmdInsertEvent = new OleDbCommand(sCmdInsert, cn);
cmdInsertEvent.ExecuteNonQuery();
success = true;
} while ((!success) && (trials <=5));
OleDbDataAdapter daGetSlots = new OleDbDataAdapter("select slot_id, left(slot_desc,5) as slot_start, right(slot_desc,5) as slot_end from t_msc_slot order by slot_id", cn);
DataTable dtSlotInfo = new DataTable();
daGetSlots.Fill(dtSlotInfo);
OleDbCommand cmdGetRoolTitle = new OleDbCommand("select room_title from t_msc_room where room_id=" + Server.HtmlEncode(room_id), cn);
string room_title = (string) cmdGetRoolTitle.ExecuteScalar();
string msg = "Dear " + emp_nid +
",<br><br>This is to confirm your reservation of " +
room_title +
" on " + dt.ToShortDateString() + " from " +
dtSlotInfo.Rows[Convert.ToInt32(start_slot)]["slot_start"].ToString() + " to " +
dtSlotInfo.Rows[Convert.ToInt32(end_slot)]["slot_end"].ToString() + "." +
"<br><br>In case you want to cancel, go to " +
"<a href='" + Regex.Replace(Request.Url.ToString(), #"^(.*)/.*\.aspx\?*.*$", "$1/MyReservations.aspx") + "'>" +
"MS Conference Rooms Reservation -> MyReservatios</a>";
#endregion
string subject = "MS Conference Room Reservation Confirmation [id=" + event_id + "]";
try
{
SendEmail(emp_nid, subject, msg);
Msg = "<script language=javascript>alert('Room successfully reserved. You should receive a confirmation email shortly.'); if (opener) {opener.__doPostBack('" + Request.QueryString["btnGetScheduleID"].Replace("_","$") + "', '');} window.close();</script>";
}
catch
{
Msg = "<script language=javascript>alert('Room successfully reserved.'); if (opener) {opener.__doPostBack('" + Request.QueryString["btnGetScheduleID"].Replace("_","$") + "', '');} window.close();</script>";
}
}
Response.Write(Msg);
}
catch (Exception x)
{
Response.Write(x.ToString());
string Msg;
Msg = "<script language=javascript>alert('Error: " + x.ToString() + "');</script>";
Response.Write(Msg);
}
finally
{
cn.Close();
}
}
Sorry for having to show you the whole function as I have really no idea what I need to do here, this isn't my app.
what I did do is 1) Enable Request Validation in ASP.NET 2) encode user input by using Server.HtmlEncode(); but it is still reporting the same thing. Note that both start_slot and end_slot are DDLs so I thought I wouldn't need to encode/check them before sending. Would you please help me in modifying this code to neglect harmful user input? Thank you loads.
The correct way to use parameterized SQL query is
string commandText = "UPDATE ProductDetails
SET ProductQuantity = #quantity WHERE ProductId = #productId";
SqlCommand command = new SqlCommand(commandText, connection);
command.Parameters.AddWithValue("#productId", "P123");
command.Parameters.AddWithValue("#quantity", 10);
You can safely replace the "P123" with user provided input now.
I inherited a project that is populating TreeNode from SQL. I want to add three columns but syntax checker doesn't like what I'm adding but appears consistent with examples in blogs.
TreeNode field = new TreeNode(rdr["VistaFieldNumber"].ToString() + " - " + rdr["VistaFieldName"].ToString()); // current working code
TreeNode field = new TreeNode(rdr["VistaFieldNumber"].ToString() + " - " + rdr["VistaFieldName"].ToString() + " - " + rdr["FieldType"].ToString() + " - " + rdr["PointsToFileNumber"].ToString() + " - " + rdr["FieldLength"].ToString()); //possible replacement code that works but I would have to parse it later
TreeNode field = new TreeNode(rdr["VistaFieldNumber"].ToString() + " - " + rdr["VistaFieldName"].ToString(), rdr["FieldType"].ToString(), rdr["PointsToFileNumber"].ToString(), rdr["FieldLength"].ToString()); //bad syntax beginning at first comma
Method:
private void getFileManFields(TreeNode node)
{
node.Nodes.Clear();
String fileNumber = node.Tag.ToString();
String sta3n = cbRegionSites.SelectedItem.ToString().Substring(1, 3);
SqlConnection cdw = new SqlConnection(ConfigurationManager.ConnectionStrings["CDW"].ConnectionString);
cdw.Open();
//SqlCommand cmd = new SqlCommand("SELECT VistaFieldNumber,VistaFieldName,MultipleFileNumber FROM CDWWork.Dim.VistaField WHERE Sta3n=" + sta3n + " AND VistaFileNumber='" + fileNumber + "' ORDER BY CAST(VistaFieldNumber As NUMERIC(30,10))", cdw);
SqlCommand cmd = new SqlCommand("SELECT VistaFieldNumber,VistaFieldName,MultipleFileNumber,FieldType,PointsToFileNumber,FieldLength FROM CDWWork.Dim.VistaField WHERE Sta3n=" + sta3n + " AND VistaFileNumber='" + fileNumber + "' ORDER BY CAST(VistaFieldNumber As NUMERIC(30,10))", cdw);
SqlDataReader rdr = cmd.ExecuteReader();
while (rdr.Read())
{
//TreeNode field = new TreeNode(rdr["VistaFieldNumber"].ToString() + " - " + rdr["VistaFieldName"].ToString());
//TreeNode field = new TreeNode(rdr["VistaFieldNumber"].ToString() + " - " + rdr["VistaFieldName"].ToString() + " - " + rdr["FieldType"].ToString() + " - " + rdr["PointsToFileNumber"].ToString() + " - " + rdr["FieldLength"].ToString());
TreeNode field = new TreeNode(rdr["VistaFieldNumber"].ToString() + " - " + rdr["VistaFieldName"].ToString(), rdr["FieldType"].ToString(), rdr["PointsToFileNumber"].ToString(), rdr["FieldLength"].ToString());
field.Tag = rdr["VistaFieldNumber"].ToString();
if (rdr["MultipleFileNumber"].ToString().Length > 0)
{
field.Tag = rdr["MultipleFileNumber"].ToString();
field.Nodes.Add("RemoveNode");
}
node.Nodes.Add(field);
}
rdr.Close();
rdr.Dispose();
cmd.Dispose();
cdw.Close();
cdw.Dispose();
}
I am newbie to c# I want to have headers and footers when saving the text file which is generated on the data grid view.
when I run a sql query it should generate 3 column values as headers and 3 columns values as footers.
headers recordtype,cpcnumber,filesequence number;
footers record type,no of requests,total court fee,claim amount; I don't how to get these records when i run this command as headers/footers. Any help would be greatly appreciated..
private void btnGetData_Click(object sender, EventArgs e)
{
this.btnGetData.Enabled = false;
Application.DoEvents();
string stringSql = " SELECT distinct " +
"'" + comboBox6.Text + "' as RecordType" +
" , left([CPC No] +' ',30) " +
" , space(1983) " +
",'" + comboBox6.Text + " 'as RecordType" +
, left(t.t_reference + ' ' ,24 ) as ClaimantReference " +
" , left([Claim Number] +' ',30) " +
" , " + comboBox4.Text + " as CourtCode" +
" ,left(ta_title +' ',30) as Title " +
" ,left(ta_surname +' ',30) as Surname " +
", space(180), bat.PCN_Charge as ClaimAmount " +
",[Court Fee] " +
",[Solictors Fees]" +
", (bat.PCN_Charge + [Court Fee]) as TotalAmount" +
",[POC1]" +
",'" + textBox2.Text + "' as RequestType" +
//",'" + comboBox1.Text + "' as RecordType" +
",'" + textBox3.Text + "' as TotalCourtFee" +
",'" + textBox4.Text + "' as TotalClaimAmount" +
" , space(1966) " +
" FROM tickets t " +
" LEFT OUTER JOIN " +
"( " +
" SELECT ticket_addresses.ta_system_ref, ta_title, ta_othername, ta_surname, ta_house_number, ta_address_1, ta_address_2, " +
" ta_address_3, ta_address_4, ta_post_code, ta_telephone, ta_organisation " +
" FROM ticket_addresses " +
" INNER JOIN " +
" ( " +
" SELECT ticket_addresses.ta_system_ref, MAX(ta_address_code) AS ta_address_code " +
" FROM ticket_addresses " +
" GROUP BY ta_system_ref " +
" ) ad " +
" ON (ticket_addresses.ta_system_ref=ad.ta_system_ref AND ticket_addresses.ta_address_code=ad.ta_address_code) " +
")ta " +
"ON (t.t_number=ta.ta_system_ref) " +
" " +
" Inner JOIN " +
" ticket_hold_record b " +
" ON ( t.t_number = b.thr_system_ref) " +
" " +
"Inner JOIN " +
"Rpt_PCNBalance_ALLTickets bat " +
"ON (t.t_number = bat.t_number) " +
" " +
"Inner JOIN " +
"hold_reasons ch " +
"ON (b.thr_hold_type = ch.hr_code) " +
" " +
"Inner JOIN " +
" [VCS].[dbo].[Courtfees] cf " +
" ON (bat.Payments >= cf. [Min ClaimAmount]) and (bat.Payments <= cf.[Max Claim Amount]) " +
" " +
"Inner JOIN " +
" [VCS].[dbo].[sites] s " +
" ON (t.t_contract = s.Contract) " +
" " +
"Inner JOIN " +
" [VCS].[dbo].[claim info] cc " +
" ON (cc.Code COLLATE DATABASE_DEFAULT = t.t_offence_code COLLATE DATABASE_DEFAULT) " +
" and t.t_reference IN {where} ";
//Generate list of Ticket IDS for SQL Where Clause
string whereClause = "";
string[] tempArray = new string[this.txt.Lines.Length];
tempArray = this.txt.Lines;
if (this.txt.Lines.Length == 0)
{
return;
}
for (int counter = 0; counter <= tempArray.Length-1; counter++)
{
if (tempArray[counter].Trim().Length > 0)
{
whereClause = whereClause + "'" + tempArray[counter] + "'" + ", ";
}
}
whereClause = whereClause.TrimEnd(' ', ',');
whereClause = "(" + whereClause + ")";
stringSql = stringSql.Replace("{where}", whereClause);
myDataset = new DataSet("SQL");
SqlConnection myConn = new SqlConnection();
SqlCommand myCommand = new SqlCommand();
myCommand.CommandType = CommandType.Text;
myCommand.CommandText = stringSql;
myCommand.Connection = myConn;
SqlDataAdapter myAdapter = new SqlDataAdapter();
myAdapter.SelectCommand = myCommand;
myAdapter.Fill(myDataset);
this.dataGridView1.DataSource = myDataset.Tables[0];
for (int counter = 0; counter < myDataset.Tables[0].Columns.Count; counter++)
{
this.dataGridView1.Columns[counter].SortMode = DataGridViewColumnSortMode.NotSortable;
}
this.dataGridView1.Refresh();
myConn.Close(); this.btnGetData.Enabled = true;
this.btnSave.Enabled = true;
Application.DoEvents();
}
I am developing some reports using ReportViewer and at certain point I have to connect to an Oracle database to retrieve some data and store it in a DataTable.
When the DataAdapter executes the Fill method I get this error:
"Attempted to read or write protected memory. This is often an indication that other memory is corrupt."
Here's the code(unfortunatelly I can't put that sql code inside a procedure or something):
OleDbConnection objConn = new OleDbConnection(ConfigurationManager.ConnectionStrings["Premio"].ConnectionString);
OleDbCommand objCmd = new OleDbCommand();
DataTable objDt = new DataTable();
int vTipoTerr = LoadTipoTerritorio(ReportParameter.ReportData.Parameters.Item("pTerritorio").Value.ToString());
string vDataParametroDataFinal = ReportParameter.ReportData.Parameters.Item("pMesAnoCompetencia").Value.ToString();
int vDataInicial = int.Parse(vDataParametroDataFinal.Substring(0, 4));
vDataInicial = vDataInicial - 1;
vDataInicial = int.Parse(vDataInicial.ToString() + vDataParametroDataFinal.Substring(4, 2));
objCmd.CommandText = "SELECT T.Nome, " +
" T.Prontuario, " +
" C.Cobertura, " +
" Cn.Mesano_competencia, " +
" G.Grupo, " +
" T.Territorio, " +
" N.Negocio " +
" FROM Calculo C " +
" Inner Join Territorio T " +
" ON C.Id_Territorio = T.Id_Territorio " +
" Inner Join Grupo G " +
" ON C.Id_Grupo = G.Id_Grupo " +
" Inner Join Cenario Cn " +
" On Cn.Id_cenario = C.Id_cenario " +
" Inner Join Negocio N " +
" On Cn.Id_negocio = N.Id_negocio " +
" Where Cn.Mesano_competencia Between :p1 And :p2 --datas " +
" And G.Grupo = :p3 " +
" And Sub_terr(T.Territorio, Decode(:p4, 1, 'SETOR', 2, 'DISTRITO', 3, 'REGIONAL')) = :p5 " +
" And (Cn.Flag_cenario_disp = 1 Or Cn.Flag_cenario_disp_rec = 1) " +
" And N.Negocio = :p6 " +
" And Cn.Flag_recuperacao = 0 " +
" Order By Cn.Mesano_competencia; " +
"union all " +
"SELECT T.Nome, " +
" T.Prontuario, " +
" C.Cobertura, " +
" Cn.Mesano_competencia, " +
" G.Grupo, " +
" T.Territorio, " +
" N.Negocio " +
" FROM Calculo_Rec C " +
" Inner Join Territorio T " +
" ON C.Id_Territorio = T.Id_Territorio " +
" Inner Join Grupo G " +
" ON C.Id_Grupo = G.Id_Grupo " +
" Inner Join Cenario Cn " +
" On Cn.Id_cenario = C.Id_cenario " +
" Inner Join Negocio N " +
" On Cn.Id_negocio = N.Id_negocio " +
" Where Cn.Mesano_competencia Between :p1 And :p2 " +
" And G.Grupo = :p3 " +
" And Sub_terr(T.Territorio, Decode(:p4, 1, 'SETOR', 2, 'DISTRITO', 3, 'REGIONAL')) = :p5 " +
" And (Cn.Flag_cenario_disp = 1 Or Cn.Flag_cenario_disp_rec = 1) " +
" And N.Negocio = :p6 " +
" And Cn.Flag_recuperacao = 1 " +
" Order By Cn.Mesano_competencia ";
objCmd.Parameters.Add(new OleDbParameter("p1", OleDbType.Integer)).Value = vDataInicial;
objCmd.Parameters.Add(new OleDbParameter("p2", OleDbType.Integer)).Value = int.Parse(vDataParametroDataFinal);
objCmd.Parameters.Add(new OleDbParameter("p3", OleDbType.VarChar, 30)).Value = ReportParameter.ReportData.Parameters.Item("pGrupo").Value.ToString();
objCmd.Parameters.Add(new OleDbParameter("p4", OleDbType.Integer)).Value = vTipoTerr;
objCmd.Parameters.Add(new OleDbParameter("p5", OleDbType.VarChar, 30)).Value = ReportParameter.ReportData.Parameters.Item("pTerritorio").Value.ToString();
objCmd.Parameters.Add(new OleDbParameter("p6", OleDbType.VarChar, 30)).Value = ReportParameter.ReportData.Parameters.Item("pNegocio").Value.ToString();
OleDbDataAdapter objAdapter = new OleDbDataAdapter(objCmd);
objConn.Open();
objAdapter.Fill(objDt);
objConn.Close();
Thank you very much (:
Try using OracleCommand and OracleConnection objects instead:
OracleConnection objConn = new OracleConnection (ConfigurationManager.ConnectionStrings["Premio"].ConnectionString);
OracleCommand objCmd = new OracleCommand ();