1. 首頁
  2. 問答
  3. 值插入SQL服務器

值插入SQL服務器

2016-05-16 120 views
0 
private void button2_Click(object sender, EventArgs e) 
{ 
     // my sql server connection 
     con = new SqlConnection(@"Data Source=dasranrajlui\sqlexpress;Initial Catalog=SESoriginal;Integrated Security=True"); 

     con.Open(); 

     // this is to save my values to sql 
     com = new SqlCommand(" insert into VoterRegistration (SALUTATION, NAME, SEX, ETHNICITY, MARITALSTATUS, ICNUMBER, HPNUMBER, DOB, ADDRESS, STATE, CITY, POSTCODE, VoterPic) VALUES ('" 
             + SALUTATION.Text + "','" 
             + NAME.Text + "','" 
             + SEX.Text + "','" 
             + ETHNICITY.Text + "','" 
             + MARITALSTATUS.Text + "','" 
             + ICNUMBER.Text + "','" 
             + HPNUMBER.Text + "','" 
             + DOB.Text + "','" 
             + ADDRESS.Text + "','" 
             + STATE.Text + "','" 
             + CITY.Text + "','" 
             + POSTCODE.Text + "'," 
             + "@VoterPic" + ")", con); 

     conv_photo(); 

     try 
     { 
      com.ExecuteNonQuery(); 
      MessageBox.Show("Registered..."); 

      // return back to admin page after registered 
      this.Hide(); 
      AdminVoterREUP RETURNTOREUP = new AdminVoterREUP(); 
      RETURNTOREUP.Show(); ; 
     } 
     catch (Exception EX) 
     { 
      MessageBox.Show(EX + "Not Registered"); 
     } 
     finally 
     { 
      con.Close(); 
     } 
} 

void conv_photo() 
{ 
     //to convernt my image 
     if (VOTERPIC.Image != null) 
     { 
      ms = new MemoryStream(); 
      VOTERPIC.Image.Save(ms, ImageFormat.Jpeg); 
      byte[] photo_aray = new byte[ms.Length]; 
      ms.Position = 0; 
      ms.Read(photo_aray, 0, photo_aray.Length); 
      com.Parameters.AddWithValue("@VoterPic", photo_aray); 
     } 
    } 
}

當我運行這段代碼我得到一個錯誤:值插入SQL服務器

System.Data.SqlClient.SqlExeption (0x80131904): Must declare the scalar variable "@VoterPic".

voterPic是SQL Server來存儲我的形象我的列名,我也叫我的PictureBox爲VOTERPIC。

任何人都可以幫助我嗎?

來源

2016-05-16 Dasran Rajlui

+5

使用參數來避免SQL注入和格式錯誤。 – LarsTech

回答

0

首先你需要你的圖像轉換成字節數組,然後添加字節作爲參數

com.Parameters.Add("@VoterPic",System.Data.SqlDbType.VarBinary).Value = ImageBytes;

來源

2016-05-16 19:15:06 Kahbazi

2

首先,你應該使用SQL參數來防止SQL注入:

// my sql server connection 
var con = new SqlConnection(@"Data Source=dasranrajlui\sqlexpress;Initial Catalog=SESoriginal;Integrated Security=True"); 

con.Open(); 

// this is to save my values to sql 
var com = new SqlCommand(@"insert into VoterRegistration (
     SALUTATION, 
     NAME, 
     SEX, 
     ETHNICITY, 
     MARITALSTATUS, 
     ICNUMBER, 
     HPNUMBER, 
     DOB, 
     ADDRESS, 
     STATE, 
     CITY, 
     POSTCODE, 
     VoterPic) VALUES (
     @Salutation, 
     @Name, 
     @Sex, 
     @Ethnicity, 
     @MaritalStatus, 
     @ICNumber, 
     @HPNumber, 
     @Dob, 
     @Address, 
     @State, 
     @City, 
     @PostCode 
     @VoterPic)", con); 

com.CommandType = CommandType.Text; 

com.Parameters.AddWithValue("@Salutation", SALUTATION.Text); 
com.Parameters.AddWithValue("@Name", NAME.Text); 
com.Parameters.AddWithValue("@Sex", SEX.Text); 
com.Parameters.AddWithValue("@Ethnicity", ETHNICITY.Text); 
com.Parameters.AddWithValue("@MaritalStatus", MARITALSTATUS.Text); 
com.Parameters.AddWithValue("@ICNumber", ICNUMBER.Text); 
com.Parameters.AddWithValue("@HPNumber", HPNUMBER.Text); 
com.Parameters.AddWithValue("@Dob", DOB.Text); 
com.Parameters.AddWithValue("@Address", ADDRESS.Text); 
com.Parameters.AddWithValue("@State", STATE.Text); 
com.Parameters.AddWithValue("@City", CITY.Text); 
com.Parameters.AddWithValue("@PostCode", POSTCODE.Text);

然後,在conv_photo(),你需要通過更換指定的參數類型:

com.Parameters.AddWithValue("@VoterPic", photo_aray);

爲:

com.Parameters.Add("@VoterPic", SqlDbType.VarBinary, photo_aray.Length).Value = photo_aray;

來源

2016-05-16 19:17:26 PhilDulac

+0

我應該在哪裏添加這個 –

+0

您需要替換'conv_photo'方法中的'com.Parameters.AddWithValue(「@ VoterPic」,photo_aray);''。 – PhilDulac

+0

仍然是一樣的錯誤先生 –

相關問題

 相關問題