如何将图像放入sql server 2005

时间:2010-10-12 05:52:39

标签: sql-server-2005 html web-services jquery

我编写了以下代码,将图像路径放入sql server 2005,但它无法正常工作,是将客户端应用程序中的图像放入sql server的替代方法。

example.html的

<form id="addresslistingform" name="addresslistingform">
<fieldset id="fieldset1">
  <legend>Address for listing</legend> Zipcode:<br />
  <input size="30" type="text" id="zipcode" /><br />
  Street No:<br />
  <input size="30" type="text" id="addstreetno" class="number" name=
  "streetno" /><br />
  Street Name:<br />
  <input size="30" type="text" id="addstreetname" class="required" name=
  "streetname" /><br />
  Upload a couple of pictures:<br />
  <input size="30" type="file" id="addpicture" /><br />
</fieldset><input id="Addresslisting" type="image" src="images/Submit.png" align=
"left" />
</form>

example.js 

 $("#Addresslisting").click(function () {
    var zipcode = ($("#addzipcode").val());
    var streetno = ($("#addstreetno").val());
    var streetname = ($("#addstreetname").val());
    var image = ($("#addpicture").val());
    var submitaddress = "{\"zipcode\":\"" + zipcode + "\",\"streetnumber\":\"" + streetno + "\",\"streetname\":\"" + streetname + "\",\"streetname\":\"" + streetname + "\",\"Imagelocation\":\"" + image + "\"}";
    $.ajax({
        type: "POST",
        url: "/exampleproject/Afterlogin.asmx/addresslisting",
        data: submitaddress,
        contentType: "application/json; charset=utf-8",
        success: ajaxSucceed,
        dataType: "json",
        failure: ajaxFailed
    });
});

asmx webservices文件

[WebMethod(EnableSession = true)]
    [ScriptMethod(ResponseFormat = ResponseFormat.Json)]
    public bool addresslisting(string zipcode, string streetnumber, string streetname,  string Imagelocation)
    {
        SqlConnection con = new SqlConnection();
        con.ConnectionString = "";
        con.Open();

        SqlCommand sqlcom = new SqlCommand();//declaring a new command
        sqlcom.CommandText = "insert into Address_Listing(Zip_Code,Street_Number,Street_Name,Image_Location) values ('" + zipcode + "','" + streetnumber + "','" + streetname + "',  '" + Imagelocation + "')"; //query for inserting data into contact table
        sqlcom.Connection = con;//connecting to database

        try
        {
            int success = sqlcom.ExecuteNonQuery();
            con.Close();

            if (success > 0)
            {
                return true;
            }
            else
            {
                return false;
            }
        }
        catch (Exception e)
        {
            con.Close();
            return false;
        }

1 个答案:

答案 0 :(得分:2)

我不建议在SQL Server中存储图像,你真正应该做的是在SQL服务器上存储服务器上图像的路径。

p.campbell也不是很有帮助,但非常正确。您的数据库将被您当前拥有的代码攻击。您需要使用SQL参数来防止注入恶意SQL代码。

http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparameter.aspx

相关问题
最新问题