无法将图片保存到数据库

时间:2015-01-08 15:23:13

标签: c# sql database

数据库是.mdf, 列的数据类型是varchar<<必须用作项目要求

我输入了我从txtFilePath.Text = open.FileName;生成的textFilePath.text,但是当我按下按钮输入时会出错。行cmd.CommandText上显示的错误是

  

Sqlexception未处理:字符串或二进制数据将被截断。声明已经终止。

但如果我用其他字符串替换textFilePath.text,输入数据库就会成功。

这是代码,感谢帮助我。

private void Save()
{
    txtFilePath.Text.ToString();
    cn.Open();
    cmd.CommandText = "insert into Inventory (ID,Item,Gender,Qty,Price,FilePath) values('" + txtID.Text + "','" + txtItem.Text + "','" + Gender + "','" + numQty.Value + "','" + numPrice.Value + "','" + txtFilePath.Text + "')";
    cmd.ExecuteNonQuery();
    cmd.Clone();
    cn.Close();
}

private void ButtonChoose_Click(object sender, EventArgs e)
{
    try
    {
        // open file dialog
        OpenFileDialog open = new OpenFileDialog();
        // image filters
        open.Filter = "Image Files(*.jpg; *.jpeg; *.gif; *.bmp)|*.jpg; *.jpeg; *.gif; *.bmp";

        if (open.ShowDialog() == DialogResult.OK)
        {
            // display image in picture box
            pictureBox1.Image = new Bitmap(open.FileName);
            // image file path
            txtFilePath.Text = open.FileName;

        }
    }
    catch (Exception)
    {
        throw new ApplicationException("Image loading error....");
    }
}

private void buttonSave_Click(object sender, EventArgs e)
{
    if (txtID.Text != "" & txtItem.Text != "" & Gender != "" & numPrice.Value > 0 & numQty.Value > 0 & txtFilePath.Text != "")
    {
        Save();
        MessageBox.Show("Recorded");
        gridViewLoad();

    }
    else
    {
        MessageBox.Show("all field must be filled");
    }
}

2 个答案:

答案 0 :(得分:1)

Golden Dragon所说的错误是你试图插入库存 字符串大于表字段允许的大小

要解决此问题,您应增加数据库中字段FilePath的大小


指出使用字符串连接运行查询是一个巨大的安全漏洞也很重要,有关详细信息,请参阅SQL Injection

您应始终使用参数化查询,如示例所示:

using (SqlConnection connection = new SqlConnection(connectionString))
{
    SqlCommand command = new SqlCommand(commandText, connection);
    command.Parameters.Add("@ID", SqlDbType.Int);
    command.Parameters["@ID"].Value = customerID;

    // Use AddWithValue to assign Demographics.
    // SQL Server will implicitly convert strings into XML.
    command.Parameters.AddWithValue("@demographics", demoXml);

    try
    {
        connection.Open();
        Int32 rowsAffected = command.ExecuteNonQuery();
        Console.WriteLine("RowsAffected: {0}", rowsAffected);
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }
}

来自:MSDN - SqlCommand.Parameters Property

该示例还说明了如何使用连接(避免在发生错误时不关闭连接)。

在你的情况下,它将是:

using (SqlConnection connection = new SqlConnection(connectionString))
{
    string commandText = "insert into Inventory (ID,Item,Gender,Qty,Price,FilePath) values(@ID, @Item, @Gender, @Qty, @Price, @FilePath)";

    SqlCommand command = new SqlCommand(commandText, connection);

    command.Parameters.Add("@ID", SqlDbType.Int).Value = txtID.Text;
    ...
    command.Parameters.Add("@Price", SqlDbType.Decimal, 11, 4).Value = numPrice.Value;
    ...

    connection.Open();
    command.ExecuteNonQuery();
}

答案 1 :(得分:0)

@Eka Soedono请尝试下面的代码并告诉我它是否有效。

cmd.CommandText = "insert into Inventory (ID,Item,Gender,Qty,Price,@path); 
cmd.Parameters.Add("@path",txtFilePath.Text);