I'm trying to insert data into a database, but cannot insert the variable Byte[] bytes
. When I change the data type in the database to image, I can insert, but when I change it to varbinary(max) this error shows up:
An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name. Incorrect syntax near ''.
How can I fix this problem?
protected void btnUpload_Click(object sender, EventArgs e)
{
HttpPostedFile postedFile = FileUpload1.PostedFile;
string filename = Path.GetFileName(postedFile.FileName);
string fileExtension = Path.GetExtension(filename);
int fileSize = postedFile.ContentLength;
int FkAlbum = Int32.Parse(ddlSubjects.SelectedValue);
String PicDetail = DropDownList1.SelectedValue;
String Artists = System.Configuration.ConfigurationManager.ConnectionStrings["FleetManagementConnectionString"].ConnectionString;
System.Data.SqlClient.SqlConnection con = new System.Data.SqlClient.SqlConnection(Artists);
//An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name.
//Incorrect syntax near ''.An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name.
//Incorrect syntax near ''.
if (fileExtension.ToLower() == ".jpg" || fileExtension.ToLower() == ".gif"
|| fileExtension.ToLower() == ".png" || fileExtension.ToLower() == ".bmp")
{
Stream stream = postedFile.InputStream;
BinaryReader binaryReader = new BinaryReader(stream);
Byte[] bytes = binaryReader.ReadBytes((int)stream.Length);
System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand("Insert into Images (ImageName,ImageData,PicDetail,ImageSize,AlbumID) values('" + filename + "','" + bytes + "','" + PicDetail + "'," + fileSize + "," + FkAlbum + ")", con);
//System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand("Insert into Images (ImageName,PicDetail,ImageSize,AlbumID) values('" + filename + "','" + PicDetail + "'," + fileSize + "," + FkAlbum + ")", con);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
lblMessage.Visible = true;
lblMessage.Text = "ThaNK YOU";
}
else
{
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "Only images (.jpg, .png, .gif and .bmp) can be uploaded";
hyperlink.Visible = false;
}
}
}
Use SqlCommand parameters to avoid SQL injection. Don't build a SQL statement string by inserting values. This may actually resolve your problem as well.
SqlCommand command = new SqlCommand(@"INSERT INTO Images (ImageName, ImageData, PicDetail, ImageSize, AlbumID)
VALUES (@ImageName, @ImageData, @PicDetail, @ImageSize, @AlbumId)", con);
command.Parameters.AddWithValue("@ImageName", filename);
command.Parameters.AddWithValue("@ImageData", bytes);
command.Parameters.AddWithValue("@PicDetail", PicDetail);
command.Parameters.AddWithValue("@ImageSize", fileSize);
command.Parameters.AddWithValue("@AlbumId", FkAlbum);
https://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcommand.parameters(v=vs.110).aspx
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.