Parameterized queries to create a user throwing missing user or role name exception
up vote
0
down vote
favorite
I'm trying to run a CREATE USER query on an oracle 12 database using the Oracle.ManagedDataAccess library. This query works perfectly without using named parameters. But when i try to use named parameters it looks like the parameters are not passed to the query correctly.
I try the use the parameters with the following code (Note: Im using Oracle.ManagedDataAccess library):
using(OracleConnection con = new OracleConnection(_connectionString)) {
con.Open();
using(OracleCommand cmd = con.CreateCommand()) {
cmd.CommandText = "CREATE USER :username IDENTIFIED BY :password";
cmd.Parameters.Add("username", "A_TESTUSER");
cmd.Parameters.Add("password", "A_PASSWORD");
//cmd.Parameters.Add(":username", "A_TESTUSER"); <- also tried
//cmd.Parameters.Add(":password", "A_PASSWORD"); <- also tried
//cmd.Parameters.Add(":username", OracleDbType.Varchar2).Value = "A_TESTUSER"; <- also tried
//cmd.Parameters.Add(":password", OracleDbType.Varchar2).Value = "A_TESTPASS"; <- also tried
cmd.ExecuteNonQuery();
}
}
which results in the following exception.
Oracle.ManagedDataAccess.Client.OracleException (0x80004005): ORA-01935: missing user or role name.
The query works when I set when i run the query with the data inline like this
cmd.CommandText = "CREATE USER A_TESTUSER IDENTIFIED BY A_PASSWORD";
I also tried to use @ instead of : to indicate the parameters without succes. How should I pass the parameters to the query?
c# .net oracle named-parameters
asked Nov 22 at 11:41
Mark Baijens
6,460103252
add a comment |
up vote
0
down vote
favorite
I'm trying to run a CREATE USER query on an oracle 12 database using the Oracle.ManagedDataAccess library. This query works perfectly without using named parameters. But when i try to use named parameters it looks like the parameters are not passed to the query correctly.
I try the use the parameters with the following code (Note: Im using Oracle.ManagedDataAccess library):
using(OracleConnection con = new OracleConnection(_connectionString)) {
con.Open();
using(OracleCommand cmd = con.CreateCommand()) {
cmd.CommandText = "CREATE USER :username IDENTIFIED BY :password";
cmd.Parameters.Add("username", "A_TESTUSER");
cmd.Parameters.Add("password", "A_PASSWORD");
//cmd.Parameters.Add(":username", "A_TESTUSER"); <- also tried
//cmd.Parameters.Add(":password", "A_PASSWORD"); <- also tried
//cmd.Parameters.Add(":username", OracleDbType.Varchar2).Value = "A_TESTUSER"; <- also tried
//cmd.Parameters.Add(":password", OracleDbType.Varchar2).Value = "A_TESTPASS"; <- also tried
cmd.ExecuteNonQuery();
}
}
which results in the following exception.
Oracle.ManagedDataAccess.Client.OracleException (0x80004005): ORA-01935: missing user or role name.
The query works when I set when i run the query with the data inline like this
cmd.CommandText = "CREATE USER A_TESTUSER IDENTIFIED BY A_PASSWORD";
I also tried to use @ instead of : to indicate the parameters without succes. How should I pass the parameters to the query?
c# .net oracle named-parameters
asked Nov 22 at 11:41
Mark Baijens
6,460103252
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I'm trying to run a CREATE USER query on an oracle 12 database using the Oracle.ManagedDataAccess library. This query works perfectly without using named parameters. But when i try to use named parameters it looks like the parameters are not passed to the query correctly.
I try the use the parameters with the following code (Note: Im using Oracle.ManagedDataAccess library):
using(OracleConnection con = new OracleConnection(_connectionString)) {
con.Open();
using(OracleCommand cmd = con.CreateCommand()) {
cmd.CommandText = "CREATE USER :username IDENTIFIED BY :password";
cmd.Parameters.Add("username", "A_TESTUSER");
cmd.Parameters.Add("password", "A_PASSWORD");
//cmd.Parameters.Add(":username", "A_TESTUSER"); <- also tried
//cmd.Parameters.Add(":password", "A_PASSWORD"); <- also tried
//cmd.Parameters.Add(":username", OracleDbType.Varchar2).Value = "A_TESTUSER"; <- also tried
//cmd.Parameters.Add(":password", OracleDbType.Varchar2).Value = "A_TESTPASS"; <- also tried
cmd.ExecuteNonQuery();
}
}
which results in the following exception.
Oracle.ManagedDataAccess.Client.OracleException (0x80004005): ORA-01935: missing user or role name.
The query works when I set when i run the query with the data inline like this
cmd.CommandText = "CREATE USER A_TESTUSER IDENTIFIED BY A_PASSWORD";
I also tried to use @ instead of : to indicate the parameters without succes. How should I pass the parameters to the query?
c# .net oracle named-parameters
asked Nov 22 at 11:41
Mark Baijens
6,460103252
I'm trying to run a CREATE USER query on an oracle 12 database using the Oracle.ManagedDataAccess library. This query works perfectly without using named parameters. But when i try to use named parameters it looks like the parameters are not passed to the query correctly.
I try the use the parameters with the following code (Note: Im using Oracle.ManagedDataAccess library):
using(OracleConnection con = new OracleConnection(_connectionString)) {
con.Open();
using(OracleCommand cmd = con.CreateCommand()) {
cmd.CommandText = "CREATE USER :username IDENTIFIED BY :password";
cmd.Parameters.Add("username", "A_TESTUSER");
cmd.Parameters.Add("password", "A_PASSWORD");
//cmd.Parameters.Add(":username", "A_TESTUSER"); <- also tried
//cmd.Parameters.Add(":password", "A_PASSWORD"); <- also tried
//cmd.Parameters.Add(":username", OracleDbType.Varchar2).Value = "A_TESTUSER"; <- also tried
//cmd.Parameters.Add(":password", OracleDbType.Varchar2).Value = "A_TESTPASS"; <- also tried
cmd.ExecuteNonQuery();
}
}
which results in the following exception.
Oracle.ManagedDataAccess.Client.OracleException (0x80004005): ORA-01935: missing user or role name.
The query works when I set when i run the query with the data inline like this
cmd.CommandText = "CREATE USER A_TESTUSER IDENTIFIED BY A_PASSWORD";
I also tried to use @ instead of : to indicate the parameters without succes. How should I pass the parameters to the query?
c# .net oracle named-parameters
c# .net oracle named-parameters
asked Nov 22 at 11:41
Mark Baijens
6,460103252
asked Nov 22 at 11:41
Mark Baijens
6,460103252
edited Nov 22 at 12:36
asked Nov 22 at 11:41
Mark Baijens
6,460103252
asked Nov 22 at 11:41
Mark Baijens
6,460103252
asked Nov 22 at 11:41
Mark Baijens
6,460103252
6,460103252
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
accepted
I don't think you can use parameterized queries for CREATE USER, so it should be
cmd.CommandText = String.Format("CREATE USER {0} IDENTIFIED BY "{1}"", "A_TESTUSER", "A_PASSWORD");
Note: Although this solution works, it does not protect you from SQL injection. You should do the needed checks on your inputs in addition to this.
edited Nov 22 at 14:18
Mark Baijens
6,460103252
answered Nov 22 at 12:51
Wernfried Domscheit
23.6k42857
I read up on the subject a bit and it does seems right, not only for oracle but in general you can not do that forCREATE USERand some other query's. Edited in a warning about SQL injection for possible future readers.
– Mark Baijens
Nov 22 at 14:19
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
accepted
I don't think you can use parameterized queries for CREATE USER, so it should be
cmd.CommandText = String.Format("CREATE USER {0} IDENTIFIED BY "{1}"", "A_TESTUSER", "A_PASSWORD");
Note: Although this solution works, it does not protect you from SQL injection. You should do the needed checks on your inputs in addition to this.
edited Nov 22 at 14:18
Mark Baijens
6,460103252
answered Nov 22 at 12:51
Wernfried Domscheit
23.6k42857
I read up on the subject a bit and it does seems right, not only for oracle but in general you can not do that forCREATE USERand some other query's. Edited in a warning about SQL injection for possible future readers.
– Mark Baijens
Nov 22 at 14:19
add a comment |
up vote
0
down vote
accepted
I don't think you can use parameterized queries for CREATE USER, so it should be
cmd.CommandText = String.Format("CREATE USER {0} IDENTIFIED BY "{1}"", "A_TESTUSER", "A_PASSWORD");
Note: Although this solution works, it does not protect you from SQL injection. You should do the needed checks on your inputs in addition to this.
edited Nov 22 at 14:18
Mark Baijens
6,460103252
answered Nov 22 at 12:51
Wernfried Domscheit
23.6k42857
I read up on the subject a bit and it does seems right, not only for oracle but in general you can not do that forCREATE USERand some other query's. Edited in a warning about SQL injection for possible future readers.
– Mark Baijens
Nov 22 at 14:19
add a comment |
up vote
0
down vote
accepted
up vote
0
down vote
accepted
I don't think you can use parameterized queries for CREATE USER, so it should be
cmd.CommandText = String.Format("CREATE USER {0} IDENTIFIED BY "{1}"", "A_TESTUSER", "A_PASSWORD");
Note: Although this solution works, it does not protect you from SQL injection. You should do the needed checks on your inputs in addition to this.
edited Nov 22 at 14:18
Mark Baijens
6,460103252
answered Nov 22 at 12:51
Wernfried Domscheit
23.6k42857
I don't think you can use parameterized queries for CREATE USER, so it should be
cmd.CommandText = String.Format("CREATE USER {0} IDENTIFIED BY "{1}"", "A_TESTUSER", "A_PASSWORD");
Note: Although this solution works, it does not protect you from SQL injection. You should do the needed checks on your inputs in addition to this.
edited Nov 22 at 14:18
Mark Baijens
6,460103252
answered Nov 22 at 12:51
Wernfried Domscheit
23.6k42857
edited Nov 22 at 14:18
Mark Baijens
6,460103252
edited Nov 22 at 14:18
Mark Baijens
6,460103252
edited Nov 22 at 14:18
Mark Baijens
6,460103252
6,460103252
answered Nov 22 at 12:51
Wernfried Domscheit
23.6k42857
answered Nov 22 at 12:51
Wernfried Domscheit
23.6k42857
answered Nov 22 at 12:51
Wernfried Domscheit
23.6k42857
23.6k42857
I read up on the subject a bit and it does seems right, not only for oracle but in general you can not do that forCREATE USERand some other query's. Edited in a warning about SQL injection for possible future readers.
– Mark Baijens
Nov 22 at 14:19
add a comment |
I read up on the subject a bit and it does seems right, not only for oracle but in general you can not do that forCREATE USERand some other query's. Edited in a warning about SQL injection for possible future readers.
– Mark Baijens
Nov 22 at 14:19
I read up on the subject a bit and it does seems right, not only for oracle but in general you can not do that for
CREATE USER and some other query's. Edited in a warning about SQL injection for possible future readers.– Mark Baijens
Nov 22 at 14:19
I read up on the subject a bit and it does seems right, not only for oracle but in general you can not do that for
CREATE USER and some other query's. Edited in a warning about SQL injection for possible future readers.– Mark Baijens
Nov 22 at 14:19
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53430233%2fparameterized-queries-to-create-a-user-throwing-missing-user-or-role-name-except%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
