how to insert image into sql database table
-
i want to insert pic into datatable pl help with vb code.. str_insert = "INSERT INTO SIS_TeachingStaff VALUES('TSMT2','V.RAJANIKANTH','LECTURER','TEACHING STAFF','Msc(Maths)','" & Emp_pic.Image & " '" '" & CByte(Me.opendialogbox.FileName.Length) & "' " cmd = New SqlCommand(str_insert, conn) cmd.Connection = conn cmd.ExecuteNonQuery() error is:operator '&' is not defined for types 'string' and 'system.drawing.image'
-
i want to insert pic into datatable pl help with vb code.. str_insert = "INSERT INTO SIS_TeachingStaff VALUES('TSMT2','V.RAJANIKANTH','LECTURER','TEACHING STAFF','Msc(Maths)','" & Emp_pic.Image & " '" '" & CByte(Me.opendialogbox.FileName.Length) & "' " cmd = New SqlCommand(str_insert, conn) cmd.Connection = conn cmd.ExecuteNonQuery() error is:operator '&' is not defined for types 'string' and 'system.drawing.image'
You are injecting values into the SQL String - This is a potential security flaw in your application and you should resolve it. See SQL Injection Attacks and Tips on How to Prevent Them[^] The resoltion for the security flaw is also the resolution for your problem. You should use Parameterised queries to insert binary data.
Upcoming Scottish Developers events: * UK Security Evangelists On Tour (2nd November, Edinburgh) * Developer Day Scotland: are you interested in speaking or attending? My: Website | Blog
-
You are injecting values into the SQL String - This is a potential security flaw in your application and you should resolve it. See SQL Injection Attacks and Tips on How to Prevent Them[^] The resoltion for the security flaw is also the resolution for your problem. You should use Parameterised queries to insert binary data.
Upcoming Scottish Developers events: * UK Security Evangelists On Tour (2nd November, Edinburgh) * Developer Day Scotland: are you interested in speaking or attending? My: Website | Blog
Investigate using those parameterized queries to insert a byte array data source into a database field of type Blob. Definitely don't keep that first bit of code you posted though. Good luck! Steve Hanson Tasen Software
New Hampshire (NH) Website Design and Software Development -
Investigate using those parameterized queries to insert a byte array data source into a database field of type Blob. Definitely don't keep that first bit of code you posted though. Good luck! Steve Hanson Tasen Software
New Hampshire (NH) Website Design and Software DevelopmentI think you meant to reply to the OP rather than me.
Upcoming Scottish Developers events: * UK Security Evangelists On Tour (2nd November, Edinburgh) * Developer Day Scotland: are you interested in speaking or attending? My: Website | Blog
-
I think you meant to reply to the OP rather than me.
Upcoming Scottish Developers events: * UK Security Evangelists On Tour (2nd November, Edinburgh) * Developer Day Scotland: are you interested in speaking or attending? My: Website | Blog
In fact I did. Sorry for the inconvenience. Steve Hanson Tasen Software New Hampshire Website Design & Software Development