![](/img/trans.png)
[英]How to pass byte[] from C# as string to SQL Server stored procedure and convert into varbinary(MAX)
[英]How to store image to database C# / how to convert Byte[] to varbinary(max) C#
我正在嘗試將數據插入數據庫,但是無法插入變量Byte[] bytes
。 當我將數據庫中的數據類型更改為image時,可以插入,但是當我將其更改為varbinary(max)時,將顯示以下錯誤:
對象或列名稱丟失或為空。 對於SELECT INTO語句,請驗證每個列都有一個名稱。 對於其他語句,請查找空別名。 不允許將別名定義為“”或[]。 將別名更改為有效名稱。 ”附近的語法不正確。
我該如何解決這個問題?
protected void btnUpload_Click(object sender, EventArgs e)
{
HttpPostedFile postedFile = FileUpload1.PostedFile;
string filename = Path.GetFileName(postedFile.FileName);
string fileExtension = Path.GetExtension(filename);
int fileSize = postedFile.ContentLength;
int FkAlbum = Int32.Parse(ddlSubjects.SelectedValue);
String PicDetail = DropDownList1.SelectedValue;
String Artists = System.Configuration.ConfigurationManager.ConnectionStrings["FleetManagementConnectionString"].ConnectionString;
System.Data.SqlClient.SqlConnection con = new System.Data.SqlClient.SqlConnection(Artists);
//An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name.
//Incorrect syntax near ''.An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name.
//Incorrect syntax near ''.
if (fileExtension.ToLower() == ".jpg" || fileExtension.ToLower() == ".gif"
|| fileExtension.ToLower() == ".png" || fileExtension.ToLower() == ".bmp")
{
Stream stream = postedFile.InputStream;
BinaryReader binaryReader = new BinaryReader(stream);
Byte[] bytes = binaryReader.ReadBytes((int)stream.Length);
System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand("Insert into Images (ImageName,ImageData,PicDetail,ImageSize,AlbumID) values('" + filename + "','" + bytes + "','" + PicDetail + "'," + fileSize + "," + FkAlbum + ")", con);
//System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand("Insert into Images (ImageName,PicDetail,ImageSize,AlbumID) values('" + filename + "','" + PicDetail + "'," + fileSize + "," + FkAlbum + ")", con);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
lblMessage.Visible = true;
lblMessage.Text = "ThaNK YOU";
}
else
{
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "Only images (.jpg, .png, .gif and .bmp) can be uploaded";
hyperlink.Visible = false;
}
}
}
使用SqlCommand參數可以避免SQL注入。 不要通過插入值來構建SQL語句字符串。 這實際上也可以解決您的問題。
SqlCommand command = new SqlCommand(@"INSERT INTO Images (ImageName, ImageData, PicDetail, ImageSize, AlbumID)
VALUES (@ImageName, @ImageData, @PicDetail, @ImageSize, @AlbumId)", con);
command.Parameters.AddWithValue("@ImageName", filename);
command.Parameters.AddWithValue("@ImageData", bytes);
command.Parameters.AddWithValue("@PicDetail", PicDetail);
command.Parameters.AddWithValue("@ImageSize", fileSize);
command.Parameters.AddWithValue("@AlbumId", FkAlbum);
https://msdn.microsoft.com/zh-CN/library/system.data.sqlclient.sqlcommand.parameters(v=vs.110).aspx
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.