-1

I want to retrieve Binary Data from SQL Database with asp.net .but the data that is shown in the output does not match with the data that i have inserted. this is my code:

string EQuery = "SELECT * FROM Ph_Tbl_Contacts WHERE (Contact_ID =" + Contact_ID + ")";

DataSet DSs = new DataSet();
DataTable dt = new DataTable();
DataRow dr = dt.NewRow();

DSs = DB.ExecuteQueryData(EQuery);
dt = DSs.Tables[0];

// dr = dt.NewRow();
dr = dt.Rows[0];
byte[] pic;
byte[] raw = (byte[])dr["Contact_CardImage"];
//  Session[OpenDialog.STORED_IMAGE] = raw ;

and this is insert part:

byte[] IMAGEbYTE ;
IMAGEbYTE = (byte[])(Session["SessionImage"]);
string Query = "INSERT INTO Ph_Tbl_Contacts (Contact_Name, Contact_LName, " + 
               "Contact_Company, Contact_Email, Contact_Tel, " + 
               "Contact_Mobile,Contact_CardImage,Is_Public,User_ID,Save_Date)" + 
               "VALUES (N'" + Txt_Name.Text + "', N'" + Txt_LastName.Text + "', N'" + 
               Txt_CompanyName.Text + "', N'" + Txt_Mail.Text + "', N'" + 
               Txt_Telephone.Text + "', N'" + Txt_Mobile.Text + "','" + 
               IMAGEbYTE + "','" + CheckValue + "'," + 
               Session["User_ID"] + ", N'" + DateStr + "')";

DB.ExecuteQueryNoData(Query) ;
Improve this question
3
  • 3
    That's what you get for not using parametrized queries.
    – Steve
    Commented Dec 31, 2012 at 10:05
  • @helia are you storing image as binary[] in database and want to fetch it back from there?
    – Dev
    Commented Dec 31, 2012 at 10:10
  • 1
    yes exactly and I don't know how to do it.
    – helia Hosseinioun
    Commented Dec 31, 2012 at 10:14

1 Answer 1

Reset to default
6

Alright, let's start with cleaning your code. The first thing is to fix your INSERT code, because right now it is vulnerable to SQL injection. You need to use parametrized queries:

using (var conn = new SqlConnection("Your ConnectionString comes here"))
using (var cmd = conn.CreateCommand())
{
    conn.Open();
    cmd.CommandText =
    @"INSERT INTO Ph_Tbl_Contacts 
          (Contact_Name, 
           Contact_LName, 
           Contact_Company, 
           Contact_Email, 
           Contact_Tel, 
           Contact_Mobile, 
           Contact_CardImage, 
           Is_Public, 
           User_ID, 
           Save_Date)
      VALUES 
          (@Contact_Name, 
           @Contact_LName, 
           @Contact_Company, 
           @Contact_Email, 
           @Contact_Tel, 
           @Contact_Mobile, 
           @Contact_CardImage, 
           @Is_Public, 
           @User_ID, 
           @Save_Date)
    ";
    cmd.Parameters.AddWithValue("@Contact_Name", Txt_Name.Text);
    cmd.Parameters.AddWithValue("@Contact_LName", Txt_LastName.Text);
    cmd.Parameters.AddWithValue("@Contact_Company", Txt_CompanyName.Text);
    cmd.Parameters.AddWithValue("@Contact_Email", Txt_Mail.Text);
    cmd.Parameters.AddWithValue("@Contact_Tel", Txt_Telephone.Text);
    cmd.Parameters.AddWithValue("@Contact_Mobile", Txt_Mobile.Text);
    cmd.Parameters.AddWithValue("@Contact_CardImage", IMAGEbYTE);
    cmd.Parameters.AddWithValue("@Is_Public", CheckValue);
    cmd.Parameters.AddWithValue("@User_ID", Session["User_ID"]);
    cmd.Parameters.AddWithValue("@Save_Date", DateStr); 
    cmd.ExecuteNonQuery();
}

Here's it's worth mentioning that if the Save_Date column in your database is a datetime you should pass an instance of DateTime for the parameter and not be attempting to convert it to string => DateStr must be a DateTime.

Alright, now that you have correctly inserted the record into the database you could read it:

using (var conn = new SqlConnection("Your ConnectionString comes here"))
using (var cmd = conn.CreateCommand())
{
    conn.Open();
    cmd.CommandText = 
    @"SELECT
          Contact_CardImage
      FROM 
          Ph_Tbl_Contacts 
      WHERE 
          Contact_ID = @Contact_ID
    ";
    cmd.Parameters.AddWithValue("@Contact_ID", Txt_Name.Text); 
    using (var reader = cmd.ExecuteReader())
    {
        if (reader.Read())
        {
            byte[] raw = (byte[])reader.Items["Contact_CardImage"];
            // TODO: do something with the raw data
        }
    }
}
Improve this answer
1
  • 2
    thanks but i have this error:Error 1 'System.Data.SqlClient.SqlDataReader' does not contain a definition for 'Items' and no extension method 'Items' accepting a first argument of type 'System.Data.SqlClient.SqlDataReader' could be found (are you missing a using directive or an assembly reference?)
    – helia Hosseinioun
    Commented Dec 31, 2012 at 11:00

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.