private void button2_Click(object sender, EventArgs e)
{
// my sql server connection
con = new SqlConnection(@"Data Source=dasranrajlui\sqlexpress;Initial Catalog=SESoriginal;Integrated Security=True");
con.Open();
// this is to save my values to sql
com = new SqlCommand(" insert into VoterRegistration (SALUTATION, NAME, SEX, ETHNICITY, MARITALSTATUS, ICNUMBER, HPNUMBER, DOB, ADDRESS, STATE, CITY, POSTCODE, VoterPic) VALUES ('"
+ SALUTATION.Text + "','"
+ NAME.Text + "','"
+ SEX.Text + "','"
+ ETHNICITY.Text + "','"
+ MARITALSTATUS.Text + "','"
+ ICNUMBER.Text + "','"
+ HPNUMBER.Text + "','"
+ DOB.Text + "','"
+ ADDRESS.Text + "','"
+ STATE.Text + "','"
+ CITY.Text + "','"
+ POSTCODE.Text + "',"
+ "@VoterPic" + ")", con);
conv_photo();
try
{
com.ExecuteNonQuery();
MessageBox.Show("Registered...");
// return back to admin page after registered
this.Hide();
AdminVoterREUP RETURNTOREUP = new AdminVoterREUP();
RETURNTOREUP.Show(); ;
}
catch (Exception EX)
{
MessageBox.Show(EX + "Not Registered");
}
finally
{
con.Close();
}
}
void conv_photo()
{
//to convernt my image
if (VOTERPIC.Image != null)
{
ms = new MemoryStream();
VOTERPIC.Image.Save(ms, ImageFormat.Jpeg);
byte[] photo_aray = new byte[ms.Length];
ms.Position = 0;
ms.Read(photo_aray, 0, photo_aray.Length);
com.Parameters.AddWithValue("@VoterPic", photo_aray);
}
}
}
当我运行此代码时出现错误:
System.Data.SqlClient.SqlExeption(0x80131904):必须声明标量变量" @ VoterPic"。
voterPic是SQL Server中用于存储图像的列名,我还将PictureBox命名为VOTERPIC。
有人可以帮帮我吗?
答案 0 :(得分:2)
首先,您应该使用SQL参数来阻止SQL注入:
// my sql server connection
var con = new SqlConnection(@"Data Source=dasranrajlui\sqlexpress;Initial Catalog=SESoriginal;Integrated Security=True");
con.Open();
// this is to save my values to sql
var com = new SqlCommand(@"insert into VoterRegistration (
SALUTATION,
NAME,
SEX,
ETHNICITY,
MARITALSTATUS,
ICNUMBER,
HPNUMBER,
DOB,
ADDRESS,
STATE,
CITY,
POSTCODE,
VoterPic) VALUES (
@Salutation,
@Name,
@Sex,
@Ethnicity,
@MaritalStatus,
@ICNumber,
@HPNumber,
@Dob,
@Address,
@State,
@City,
@PostCode
@VoterPic)", con);
com.CommandType = CommandType.Text;
com.Parameters.AddWithValue("@Salutation", SALUTATION.Text);
com.Parameters.AddWithValue("@Name", NAME.Text);
com.Parameters.AddWithValue("@Sex", SEX.Text);
com.Parameters.AddWithValue("@Ethnicity", ETHNICITY.Text);
com.Parameters.AddWithValue("@MaritalStatus", MARITALSTATUS.Text);
com.Parameters.AddWithValue("@ICNumber", ICNUMBER.Text);
com.Parameters.AddWithValue("@HPNumber", HPNUMBER.Text);
com.Parameters.AddWithValue("@Dob", DOB.Text);
com.Parameters.AddWithValue("@Address", ADDRESS.Text);
com.Parameters.AddWithValue("@State", STATE.Text);
com.Parameters.AddWithValue("@City", CITY.Text);
com.Parameters.AddWithValue("@PostCode", POSTCODE.Text);
然后,在conv_photo()中,您需要通过替换:
com.Parameters.AddWithValue("@VoterPic", photo_aray);
有:
com.Parameters.Add("@VoterPic", SqlDbType.VarBinary, photo_aray.Length).Value = photo_aray;
答案 1 :(得分:0)
首先,您需要将图像转换为字节数组,然后将字节添加为参数
com.Parameters.Add("@VoterPic",System.Data.SqlDbType.VarBinary).Value = ImageBytes;