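If I try to convert the image to an array and then run an update query that inserts strings together with the converted image byte array, I get the error:
Operator '+' is not defined for types 'String' and '1-dimensional array of Byte'
The code is: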
data1 = textbox
data2 = TextBox2
' Serialize the PictureBox image into a byte array
Using ms As New MemoryStream()
    DirectCast(PictureBox1.Image, Bitmap).Save(ms, currentFormat)
    image = ms.ToArray()
End Using
Dim param As SqlParameter() = New SqlParameter() {New SqlParameter("@data1", data1), New SqlParameter("@data2", data2), New SqlParameter("@image", image)}
' The query text is built by string concatenation
mcmd.CommandText = "update set table column1 = '" + data1 + "', column2 '" + data1 + "'"
mcmd.Parameters.Add("@image", SqlDbType.VarBinary, 8000).Value = image
How can I solve this?
Answer 0 (score: 0)
In any case, you can define a parameter for the image variable in your code, as shown below
mcmd.Parameters.Add("@image", SqlDbType.VarBinary, 8000).Value = image
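So don't build the query by concatenating values, which is vulnerable to SQL injection attacks; use a parameterized query with the defined parameters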
mcmd.CommandText = "update table_name set column1 = @data1, column2 = @data2, image = @image"
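The parameterized update from the answer, written out in full as an added example (not code from the question or the answer). The `id` column, the `NVarChar(100)` sizes and the names `ImageToBytes` and `BuildUpdate` are assumptions; `Main` only builds and prints the command, so it runs without a database.

```vb
Imports System
Imports System.Data
Imports System.Data.SqlClient
Imports System.Drawing
Imports System.Drawing.Imaging
Imports System.IO

Module ParameterizedImageUpdate
    ' Encode an image to Byte() through a MemoryStream, as the question does.
    Function ImageToBytes(img As Image, fmt As ImageFormat) As Byte()
        Using ms As New MemoryStream()
            img.Save(ms, fmt)
            Return ms.ToArray()
        End Using
    End Function

    ' The SQL text holds placeholders only; every value travels as a typed
    ' parameter, so no String + Byte() concatenation is needed and a quote
    ' inside a value cannot change the statement.
    Function BuildUpdate(data1 As String, data2 As String,
                         imageBytes As Byte(), id As Integer) As SqlCommand
        Dim cmd As New SqlCommand(
            "update table_name set column1 = @data1, column2 = @data2, " &
            "image = @image where id = @id") ' id column is assumed
        cmd.Parameters.Add("@data1", SqlDbType.NVarChar, 100).Value = data1
        cmd.Parameters.Add("@data2", SqlDbType.NVarChar, 100).Value = data2
        ' Size caps the bytes sent: 8000 would cut off a larger image.
        ' -1 means varbinary(max).
        cmd.Parameters.Add("@image", SqlDbType.VarBinary, -1).Value = imageBytes
        cmd.Parameters.Add("@id", SqlDbType.Int).Value = id
        Return cmd
    End Function

    Sub Main()
        Using bmp As New Bitmap(64, 64) ' constructed sample image
            Dim bytes As Byte() = ImageToBytes(bmp, ImageFormat.Png)
            ' "O'Brien" is a constructed value whose quote breaks concatenated SQL.
            Using cmd As SqlCommand = BuildUpdate("O'Brien", "text", bytes, 1)
                Console.WriteLine(cmd.CommandText)
                For Each p As SqlParameter In cmd.Parameters
                    Console.WriteLine("{0} {1} size={2}", p.ParameterName, p.SqlDbType, p.Size)
                Next
                ' To execute: assign an open SqlConnection to cmd.Connection,
                ' then call cmd.ExecuteNonQuery().
            End Using
        End Using
    End Sub
End Module
```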