在varbinary(MAX)上传文件

时间:2015-01-16 18:33:15

标签: c# sql asp.net file-upload varbinarymax

我有一个数据库表,其中包含两个varbinary(max)字段,用于存储文件。

但是,我无法按预期上传文件。我很长时间以来一直难以接受这个问题而且我不确定我能做些什么来解决它。有一条错误消息:

An exception of type 'System.Data.SqlClient.SqlException' occurred in
System.Data.dll but was not handled in user code
Additional information: Incorrect syntax near the keyword 'title'.

对我来说,必须在ASP.NET中实现3层架构。

数据访问层

public class Submission { 

  private string _title;
  private byte[] _slides, _codes;

  //Connection string 
  private string _connStr = Properties.Settings.Default.DBConnStr;

  public Submission(string title, byte[] slides, byte[] codes) {
  _title = title;
  _slides = slides;
  _codes = codes;
  }

  //UPLOAD files
  public int SubmissionInsert()
  {
          string queryStr = "INSERT INTO Submission(title,slides,codes)" +
              "VALUES('" +
              _title + "', '" +
              _slides + "', '" +
              _codes + "')";

          SqlConnection con = new SqlConnection(_connStr);
          SqlCommand cmd = new SqlCommand(queryStr, con);

          con.Open();
          int nofRow = 0;
          nofRow = cmd.ExecuteNonQuery();

          con.Close();

          return nofRow;
  }
}

业务逻辑层

public class SubmissionBLL
{
    public string submissionUpload(string title, byte[] slides, byte[] codes)
    {
        string returnValue = "";

        if (title.Length == 0)
            returnValue+= "Title cannot be empty";
        if (slides == null)
            returnValue += "Slides cannot be empty";
        if (codes == null)
            returnValue += "Codes cannot be empty";

        //if there are no errors
        if (returnValue.Length == 0)
        {
            Submission sub = new Submission(title,slides,codes);

            int nofRows = 0;
            nofRows = sub.SubmissionInsert();

            if (nofRows > 0)
                returnValue = "Submission is successful!";
            else
                returnValue = "Submission failure. Please try again.";
        }

        return returnValue;
  }

表示层 - 代码隐藏

 protected void btn_submit_Click(object sender, EventArgs e)
    {
        string input = "";
        byte[] slideArr = null, codeArr= null;

        string strTestFilePath, strTestFileName, strContentType;
        Int32 intFileSize, intFileLength;
        Stream strmStream;

        if (f_codes.HasFile)
        {
                strTestFilePath = f_codes.PostedFile.FileName;
                strTestFileName = Path.GetFileName(strTestFilePath);
                intFileSize = f_codes.PostedFile.ContentLength;
                strContentType = f_codes.PostedFile.ContentType;

                //Convert the source codes file to byte stream to save to database
                strmStream = f_codes.PostedFile.InputStream;
                intFileLength = (Int32)strmStream.Length;
                codeArr = new byte[intFileLength + 1];
                strmStream.Read(codeArr, 0, intFileLength);
                strmStream.Close();

        }

         if (f_slide.HasFile)
        {
                strTestFilePath = f_slide.PostedFile.FileName;
                strTestFileName = Path.GetFileName(strTestFilePath);
                intFileSize = f_slide.PostedFile.ContentLength;
                strContentType = f_slide.PostedFile.ContentType;

                strmStream = f_slide.PostedFile.InputStream;
                intFileLength = (Int32)strmStream.Length;
                slideArr = new byte[intFileLength + 1];
                strmStream.Read(slideArr, 0, intFileLength);
                strmStream.Close();
            }

         //Pass to BLL
         input = sub.submissionUpload(tb_title.Text,slideArr,codeArr);
         //Display error messages
         lbl_message.Text = input;
    }

我尝试使用IntelliTrace进行调试,并显示一条消息

ADO.NET:Execute NonQuery" INSERT INTO提交(标题,幻灯片,代码)VALUES('我的节水项目',' System.Byte []' ' System.Byte []')"


我这样做是否正确?我试图运行,但异常错误仍然存​​在     本。

string queryStr = "INSERT INTO Submission(title,slides,codes)" + "VALUES('"+
            _title + "', '" +
           "0x" + BitConverter.ToString(_slides).Replace("-", "")+ "', '" +
           "0x" + BitConverter.ToString(_codes).Replace("-", "")  + "')";

3 个答案:

答案 0 :(得分:1)

"0x" + BitConverter.ToString(_slides).Replace("-", "")+ "', '" +

您不应将字节转换为字符串。相反,您希望使用参数化查询 (以避免sql注入) 并将这些字节数组直接插入数据库。

public int SubmissionInsert(string title, byte[] slides, byte[] codes)
{
    int nofRow;
    string query = "INSERT  INTO Submission ( title, slides, codes )" +
                    "VALUES  ( @Title, @Slides, @Codes );";

    using (var con = new SqlConnection(_connStr))
    {
        con.Open();
        using (var cmd = new SqlCommand(query, con))
        {
            cmd.CommandType = CommandType.Text;
            cmd.Parameters.AddWithValue("@Title", title);
            cmd.Parameters.AddWithValue("@Slides", slides);
            cmd.Parameters.AddWithValue("@Codes", codes);
            nofRow = cmd.ExecuteNonQuery();
        }
    }
    return nofRow;
}

答案 1 :(得分:0)

您的问题在于类型转换。如果要将值作为字符串插入(并且使用这些单引号),则需要插入HEX值,并在其前面加上0x。

这可以帮到你: “0x”+ BitConverter.ToString(byteArray).Replace(“ - ”,“”)

答案 2 :(得分:0)

I also got the same error when I am uploading doc USING ADO.NET and Storedproc.

I am using stored proc to upload word file to the table's column type varbinary(max).
There are so many examples with insert query to insert document but my scenario was stored proc. I spent lot of time in figuring out the solution. 

Stored Proc:`Alter PROC [dbo].[usp_GMS_SaveEngagementDocument](
        @pDocumentID INT=0,
        @pEngagementID INT,
        @pDocumentName NVARCHAR(100),
        @pContentType NVARCHAR(100),
        @pDocumentType NVARCHAR(100),
        @pDocumentContent VARBINARY(max)=null,
       @pUserID INT)
AS
BEGIN
--INSERT
END`



SOLUTION:

    param = new SqlParameter();
                param.ParameterName = "@pDocumentContent";
                param.Direction = ParameterDirection.Input;
                param.Value = document.DocumentContent;
                param.DbType = DbType.Binary;
                param.SqlDbType = SqlDbType.Binary;
                paramList.Add(param);



Setting SQLDBType as Binary and DbType as Binary solved my problem In calling stored proc.

END