Set a Byte Array to a SqlServer database on C++\Cli
Managed C++/CLI
2
Posts
2
Posters
7
Views
1
Watching
-
Hello, I have a byte array that i want to set on a sqlserver database with ADO.NET. I have an error message : Cannot convert 'signed char *' to 'System::Object ^' What is wrong ? Thanks in advance.
// Connexion SqlConnection ^connection = gcnew SqlConnection(connectString); connection->Open(); // Requete String ^ myRequete = "UPDATE COM\_PKCS12 SET PKCS12 = @myPKCS12 WHERE ID = '" + System::Convert::ToString(id) + "'"; // Objet Command SqlCommand ^command = gcnew SqlCommand( myRequete, connection); //Datas SByte \* testByteArray = pkcs12Data->array; // Parameters command->Parameters->Add(gcnew SqlParameter("@myPKCS12", SqlDbType::VarBinary)); command->Parameters\["@myPKCS12"\]->Value = testByteArray; // Execution int affectedrows = command->ExecuteNonQuery(); // Fermeture connection connection->Close(); -
Hello, I have a byte array that i want to set on a sqlserver database with ADO.NET. I have an error message : Cannot convert 'signed char *' to 'System::Object ^' What is wrong ? Thanks in advance.
// Connexion SqlConnection ^connection = gcnew SqlConnection(connectString); connection->Open(); // Requete String ^ myRequete = "UPDATE COM\_PKCS12 SET PKCS12 = @myPKCS12 WHERE ID = '" + System::Convert::ToString(id) + "'"; // Objet Command SqlCommand ^command = gcnew SqlCommand( myRequete, connection); //Datas SByte \* testByteArray = pkcs12Data->array; // Parameters command->Parameters->Add(gcnew SqlParameter("@myPKCS12", SqlDbType::VarBinary)); command->Parameters\["@myPKCS12"\]->Value = testByteArray; // Execution int affectedrows = command->ExecuteNonQuery(); // Fermeture connection connection->Close();Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
