Insert byte[] to database
-
How can I write sql sentence with byte[] parameter? NOTE: I don't want to use SqlParameter. string sql = "INSERT INTO MyFile(FileId, BinaryFile) VALUES('" + fileId + "','" + file + "')"; .... command.ExecuteNonQuery(); fieldId is int variable, file is byte[] variable. In database; FileId is int field, file is varbinary(MAX) field.
-
How can I write sql sentence with byte[] parameter? NOTE: I don't want to use SqlParameter. string sql = "INSERT INTO MyFile(FileId, BinaryFile) VALUES('" + fileId + "','" + file + "')"; .... command.ExecuteNonQuery(); fieldId is int variable, file is byte[] variable. In database; FileId is int field, file is varbinary(MAX) field.
-
I don't want to use SQL Parameter. I use MS SQL.
-
How can I write sql sentence with byte[] parameter? NOTE: I don't want to use SqlParameter. string sql = "INSERT INTO MyFile(FileId, BinaryFile) VALUES('" + fileId + "','" + file + "')"; .... command.ExecuteNonQuery(); fieldId is int variable, file is byte[] variable. In database; FileId is int field, file is varbinary(MAX) field.
First of all, please don't use sql like this. As you are using SQL Server, you should really use command parameters (this helps circumvent SQL Injection Attacks). Then you could set the data easily, as detailed here:
using (SqlCommand cmd = new SqlCommand("MyFile(FileId, BinaryFile) VALUES(@fileid, @file", connection)
{
cmd.Parameters.AddWithValue("@fileid", fileid);
cmd.Parameters.AddWithValue("@file", file) ;
cmd.ExecuteNonQuery();
}"WPF has many lovers. It's a veritable porn star!" - Josh Smith
As Braveheart once said, "You can take our freedom but you'll never take our Hobnobs!" - Martin Hughes.
-
I don't want to use SQL Parameter. I use MS SQL.
Tough, you have to. And it's the right thing to do, every time.
-
How can I write sql sentence with byte[] parameter? NOTE: I don't want to use SqlParameter. string sql = "INSERT INTO MyFile(FileId, BinaryFile) VALUES('" + fileId + "','" + file + "')"; .... command.ExecuteNonQuery(); fieldId is int variable, file is byte[] variable. In database; FileId is int field, file is varbinary(MAX) field.
That's like saying you want to swim but you don't want to get wet. Maybe if you tell us your reasons why you don't want to use a parameter object we could help you with a solution that better fits your needs. Otherwise it isn't worth coming up with an answer because who knows what other objects you refuse to use for no apparant reason.
-
How can I write sql sentence with byte[] parameter? NOTE: I don't want to use SqlParameter. string sql = "INSERT INTO MyFile(FileId, BinaryFile) VALUES('" + fileId + "','" + file + "')"; .... command.ExecuteNonQuery(); fieldId is int variable, file is byte[] variable. In database; FileId is int field, file is varbinary(MAX) field.
Like other have said, unless you're really experienced with SQL, you should use parameters (and even if you are really experienced, it's still a good idea). The first problem is you appear to be using the wrong data type to store bytes. VARBINARY is a character type to store binary strings (useful for forcing case sensitivity, IE, 'a'='A' in a char type, but not a binary type) - http://dev.mysql.com/doc/refman/5.1/en/binary-varbinary.html[^] You probably wanted a BLOB type of some kind. As for storing byte[] with an SQL statement, converting the bytes into a hexadecimal string value should work - INSERT INTO (FileID, Data) VALUES (1, 0x0F2EAA32);
-
How can I write sql sentence with byte[] parameter? NOTE: I don't want to use SqlParameter. string sql = "INSERT INTO MyFile(FileId, BinaryFile) VALUES('" + fileId + "','" + file + "')"; .... command.ExecuteNonQuery(); fieldId is int variable, file is byte[] variable. In database; FileId is int field, file is varbinary(MAX) field.
http://www.codeproject.com/Questions/83971/I-need-to-save-a-file-or-bytes-in-a-database-WITHO.aspx Strange your question was asked just hours earlier. I wonder why that is.