ORA-00907: missing right parenthesis with a SQL Statement in C#

Question

When running the below query getting the above error,

String sql = "((NAME= '" + sReceipts[0] + "' ) OR (SECTION IN ('RECEIPT', 'PROJECT') AND NAME IS NULL))";

sReceipts[0] value is 'Tom's' (with an APOSTROPHE) gives the error

But if sReceipts[0] = 'Ann' no error occur.

Tried to solve with String.Format but I couldn't. What is the best approach please?

SpruceMoose · Answer 1 · 2017-09-27T11:54:52.323

You should use parameterised queries such as the below:

OracleCommand oraCommand = new OracleCommand("SELECT YourColumn FROM 
YourTable WHERE ((NAME= :receiptName ) OR (SECTION IN ('RECEIPT', 'PROJECT') AND NAME IS NULL))", db);
oraCommand.Parameters.Add(new OracleParameter("recieptName", sReceipts[0]));

See MSDN OracleCommand.Parameters Property if you are using the Microsoft class and OracleParameterCollection for the equivalent Oracle parameter collection.

score -2 · Answer 2 · answered Sep 27 '17 at 11:41

-2

I would wrap sReceipts[0] in a regular expression that replaces the apostrophe with two apostrophes.

Escaping single quote

Oracle regular expressions

answered Sep 27 '17 at 11:41

Mark Wagoner

1,729
1
13
20

1

No, manually escaping is *extremely* error-prone. Parameterized queries are the way forward here. – Jon Skeet Sep 27 '17 at 11:43

ORA-00907: missing right parenthesis with a SQL Statement in C#

2 Answers2