Hiro2K is absolutely right. The OracleCodec and other similar SQL DB codecs are not intended to be a substitute for parameterized types (in Java, using PrepareStatements). Rather, they are intended for those (hopefully very few) niche cases where you may not be able to use a PrepareStatement. One example might be where you have to call some third party API which you know calls an Oracle JDBC driver under the hood but you aren't sure whether that API is using parameterized types.
However, that said, I don't see anything that you did in how you called ESAPI that would have resulted in the DefaultEncoder CTOR throwing an InvocationTargetException. That is something that I've not seen before. It may be related to something in your ESAPI.properties file (for instance, if you tried to use an ESAPI 1.4 ESAPI.properties file with ESAPI 2.0.x).
Could you post your exception stack trace so I can take a look at it? You may have found a bug.
Thanks,
-kevin wall