我想从按钮单击上传图片并将图像保存在项目文件夹和数据库中的路径中 [英] I want to upload pics from button click and save image in project folder and path in database

问题描述

我试过这个：

  private   void  button6_Click（ object  sender，EventArgs e）
 {
  / *   // DialogResult result = openFileDialog1.ShowDialog（）; 
 if（result == DialogResult.OK）
 {
 String file = openFileDialog1.FileName; 
 string [] f = file.Split（'\\'）; 
 string fn = f [（f.Length） -  1]; 
 string dest = @C：\ Users \ adminmin \\\\\\\\\\\\\\\\\\\\\\\\ 
 File.Copy（file，dest，true）; 
 con = new SqlConnection（@Data Source =（LocalDB）\ MSSQLLocalDB; AttachDbFilename = D：\ DATABASE \data.sql.mdf; Integrated Security = True; Connect Timeout = 30）; 
 string q =插入[Tab]值（'+ fn +'，'+ dest +'）; 
 SqlCommand cmda = new SqlCommand（q，con）; 
 con.Open（）; 
 cmda.ExecuteNonQuery（）; 
 MessageBox.Show（绘图保存成功...... !!!）; * /  
} 

但它显示错误：

 System.IO.DirectoryNotFoundException：'无法找到路径的一部分'C：\ Users \ adminmin \ source \ times \ TE \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ > 
 
 
 
 
 私人  void  button6_Click（ object  sender，EventArgs e）
 {
  / *   // DialogResult result = openFileDialog1.ShowDialog（）; 
 if（result == DialogResult.OK）
 {
 String file = openFileDialog1.FileName; 
 string [] f = file.Split（'\\'）; 
 string fn = f [（f.Length） -  1]; 
 string dest = @C：\ Users \ adminmin \\\\\\\\\\\\\\\\\\\\\\\\ 
 File.Copy（file，dest，true）; 
 con = new SqlConnection（@Data Source =（LocalDB）\ MSSQLLocalDB; AttachDbFilename = D：\ DATABASE \data.sql.mdf; Integrated Security = True; Connect Timeout = 30）; 
 string q =插入[Tab]值（'+ fn +'，'+ dest +'）; 
 SqlCommand cmda = new SqlCommand（q，con）; 
 con.Open（）; 
 cmda.ExecuteNonQuery（）; 
 MessageBox.Show（绘图保存成功...... !!!）; * /  
} 
 
 
但它显示错误：
 
 
 System.IO.DirectoryNotFoundException：'无法找到路径的一部分'C：\ Users \ adminmin \ source \ times \软件TE [\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\找到。
 
 
 
你确定文件夹'软件TE'不必两次吗？
 
 
 
还要确保运行应用程序的用户可以访问所需的文件夹。
 
 
错误信息非常清楚：
 
 
无法找到路径的一部分'C：\ Users \ adminmin \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ > 
检查运行该代码的计算机的硬盘驱动器并检查路径。 
 
 
 
但是......另外两件事：
 
 1）主题行中的上传让我很担心。如果这是一个网站 - 并且上传意味着 - 您确实意识到C＃代码在服务器上运行，而不是客户端，并且无法访问客户端文件系统？所有对话框都将在服务器上打开，而不是客户端？这些东西似乎在开发中起作用，因为服务器和客户端是同一台计算机，但在生产中失败了...... 
 
 
 
 2）不要做像这样的数据库那！永远不要连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度，这可能会破坏您的整个数据库。改为使用参数化查询。
 
 
 
连接字符串时会导致问题，因为SQL会收到如下命令：
 
 
  SELECT  *  FROM  MyTable  WHERE  StreetAddress = '  Baker' s Wood '   
就SQL而言，用户添加的引号会终止字符串，并且您会遇到问题。但情况可能更糟。如果我来并改为输入：x'; DROP TABLE MyTable;  - 然后SQL收到一个非常不同的命令：
 
 
  SELECT  *  FROM  MyTable  WHERE  StreetAddress = '  x';  DROP  表 MyTable;   -   ' 
哪个SQL看作三个单独的命令：
 
 
  SELECT  *  FROM  MyTable  WHERE  StreetAddress = '  x'; 
完全有效的SELECT 
 
 
  DROP   TABLE  MyTable; 
完全有效的删除表格通讯和
 
 
   -   ' 
其他一切都是评论。
 
所以它确实：选择任何匹配的行，从数据库中删除表，并忽略其他任何内容。
 
 
 
所以总是使用参数化查询！或者准备好经常从备份中恢复数据库。你定期做备份，不是吗？
 
 
 
 
 
 
 
引用：
不，我不能，请给我一个关于参数化查询的例子吗？
 
 使用（ SqlConnection con =  new  SqlConnection（strConnect））
 {
 con.Open（）; 
 使用（SqlCommand cmd =  new  SqlCommand（   INSERT INTO myTable（myColumn1，myColumn2）VALUES（@ C1，@ C2），con））
 {
 cmd .Parameters.AddWithValue（  @ C1，myValueForColumn1）; 
 cmd.Parameters.AddWithValue（  @ C2，myValueForColumn2）; 
 cmd.ExecuteNonQuery（）; 
} 
} 
 
如果不，我不，你的意思是不，我不定期备份然后开始。今天。
 
获取一些备份软件：AOMEI Backupper Standard非常好，免费（非常好，我为Pro版本付了钱，而且从不使用附加功能！）。
 
获取USB硬盘（3.0很好，2.0可以），并对硬盘进行映像备份。如果您验证备份（这是值得做的），则需要几个小时，然后断开USB驱动器。现在你安全了一段时间。硬盘驱动器可能会失败，您可以获取勒索软件，您的用户可以删除您的桌子 - 但您可以在很短的时间内恢复运行！
 
 
 
请记住：你最需要的备份是你没有做的！ 
 
所有HDD都失败了，这只是一个时间的情况。文件被意外，错误或故意删除。一个好的可靠的备份程序是你可以拥有的最好的朋友（你可以希望永远不需要）。
 
 
I have tryed this:

 

private void button6_Click(object sender, EventArgs e)
{
/* // DialogResult result = openFileDialog1.ShowDialog();
if (result == DialogResult.OK)
{
String file = openFileDialog1.FileName;
string[] f = file.Split('\\');
string fn = f[(f.Length) - 1];
string dest = @"C:\Users\admin\source\repos\Software of TE\Software of TE\Images";
File.Copy(file, dest, true);
con = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=D:\DATABASE\data.sql.mdf;Integrated Security=True;Connect Timeout=30");
string q = "Insert into [Tab] values ('" + fn + "','" + dest + "')";
SqlCommand cmda = new SqlCommand(q, con);
con.Open();
cmda.ExecuteNonQuery();
MessageBox.Show("Drawing Save Successfully...!!!");*/
}


 But It Shows Error:

System.IO.DirectoryNotFoundException: 'Could not find a part of the path 'C:\Users\admin\source\repos\Software of TE\Software of TE\Images\'.'




What I have tried:



private void button6_Click(object sender, EventArgs e)
{
/* // DialogResult result = openFileDialog1.ShowDialog();
if (result == DialogResult.OK)
{
String file = openFileDialog1.FileName;
string[] f = file.Split('\\');
string fn = f[(f.Length) - 1];
string dest = @"C:\Users\admin\source\repos\Software of TE\Software of TE\Images";
File.Copy(file, dest, true);
con = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=D:\DATABASE\data.sql.mdf;Integrated Security=True;Connect Timeout=30");
string q = "Insert into [Tab] values ('" + fn + "','" + dest + "')";
SqlCommand cmda = new SqlCommand(q, con);
con.Open();
cmda.ExecuteNonQuery();
MessageBox.Show("Drawing Save Successfully...!!!");*/
}


 But It Shows Error:

System.IO.DirectoryNotFoundException: 'Could not find a part of the path 'C:\Users\admin\source\repos\Software of TE\Software of TE\Images\'.'
解决方案
The error message is quite clear, the directory cannot be found.



Are you sure that for example folder 'Software of TE' isn't twice unnecessarily?



Also make sure that the user running the application has access to the desired folder.

The error message is pretty clear:

Could not find a part of the path 'C:\Users\admin\source\repos\Software of TE\Software of TE\Images\'


Check the hard drive of the computer running that code and check the path. 



But ... two other things:

1) The "Upload" in your subject line worries me. If this is a website - and "upload" implies that - you do realize that C# code runs on the Server, not the Client and has no access whatsoever to the client file system? And the all dialogs will open on the Server, not the client? These things appear to work in development because the Server and the Client are the same computer, but fail spectacularly in production...



2) Don't do databases like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.



When you concatenate strings, you cause problems because SQL receives commands like:

SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:

SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:

SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT

DROP TABLE MyTable;
A perfectly valid "delete the table" command

--'
And everything else is a comment.

So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.



So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?





Quote:
No I dont , can u please give me a example about parameterized queries?
using (SqlConnection con = new SqlConnection(strConnect))
    {
    con.Open();
    using (SqlCommand cmd = new SqlCommand("INSERT INTO myTable (myColumn1, myColumn2) VALUES (@C1, @C2)", con))
        {
        cmd.Parameters.AddWithValue("@C1", myValueForColumn1);
        cmd.Parameters.AddWithValue("@C2", myValueForColumn2);
        cmd.ExecuteNonQuery();
        }
    }
And if by "No I dont" you mean "No, I don't take regular backups" then start. Today.

Get some backup software: AOMEI Backupper Standard is damn good, and free (so good, I paid them money for the Pro version, and never use the addition features!).

Get a USB HDD (3.0 is good, 2.0 is OK), and do an Image backup of your hard drive(s). It's take a few hours if you verify the backup (which is worth doing) and then disconnect the USB drive. Now you are safe, for a while. You HDD can fail, You can get ransomware, your users can delete your tables - but you can be back up and running in very little time!



Just remember: the backup you most needed was the one you didn't do! 

All HDD's fail, it's just a case of when. Files get deleted by accident, or mistake, or deliberately. A good solid backup routine is the best friend you can have (and one you can hope never to need).


                        
这篇关于我想从按钮单击上传图片并将图像保存在项目文件夹和数据库中的路径中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！