PL/SQL missing right parenthesis

Hey folks im getting a sql error all the way at the bottom right before the execute statement at the end of the code block:

stmt := v_first_sql || stmt || v_order_by_sql || v_last_sql;

any ideas of what Im doing wrong?

thanks

FUNCTION search_data
(                      
    p_start_ind     IN NUMBER,
    p_end_ind       IN NUMBER,
    p_cols_sort_by IN char_tab,
    p_sort_orders     IN char_tab,                                                     
    p_sor_number        IN VARCHAR2,
    p_tcn           IN VARCHAR2,
    p_sock             IN NUMBER,
    p_work_id    IN NUMBER,
    p_sap              in NUMBER


)
RETURN bean_list
IS
    stmt                VARCHAR2(4000);
    result              bean_list;
    v_jp_ids            VARCHAR2(50);
    v_first_sql         VARCHAR2(512); 
    v_row_count         NUMBER;               
BEGIN
   v_row_count := p_end_index - p_start_index + 1;

   v_first_sql := 'BEGIN ';
   v_first_sql := v_first_sql || ' SELECT item_search( id, mwslin,sor_code, fyear, wyear,';
   v_first_sql := v_first_sql || '  sock,  tcn, non, nomen,sap';
   v_first_sql := v_first_sql || ' row_count )';
   v_first_sql := v_first_sql || ' BULK COLLECT INTO :bind_var1';       
   v_first_sql := v_first_sql || ' FROM';
   v_first_sql := v_first_sql || ' (';
   v_first_sql := v_first_sql || ' SELECT /*+ FIRST_ROWS(' || TO_CHAR(v_row_count) || ') */ ';
   v_开发者_JS百科first_sql := v_first_sql || ' ROWNUM rnum, a.*'; 
   v_first_sql := v_first_sql || ' FROM';
   v_first_sql := v_first_sql || ' (';
   v_first_sql := v_first_sql || ' SELECT ob.*, COUNT(*) OVER () AS row_count';
   v_first_sql := v_first_sql || ' FROM';
   v_first_sql := v_first_sql || ' (';   

        v_order_by_sql := ' ) ob ' || temp_pkg.get_number_by( p_columns_sort_by, p_sort_orders );
          v_last_sql := ' ) a';
   v_last_sql := v_last_sql || ' WHERE rownum <= ' || TO_CHAR(p_end_index);
   v_last_sql := v_last_sql || ' )';
   v_last_sql := v_last_sql || ' WHERE rnum >= ' || TO_CHAR(p_start_index);
   v_last_sql := v_last_sql || ' ORDER BY rnum;';
   v_last_sql := v_last_sql || ' END;';




    stmt := v_first_sql || stmt    
 EXECUTE IMMEDIATE stmt USING OUT result;

 RETURN result;

END search_data;

---

The parentheses in YOUR code appear to be balanced, so clearly the problem is in the text introduced by

temp_pkg.get_order_by( p_columns_sort_by, p_sort_orders )

This function must be returning unbalanced parens.

By the way, unless you've gone to great lengths to sanitize the input, this is a SQL injection attack waiting to happen.