How do I retrieve multiple images and display them inside a panel control from an SQL database?


Problem description


So, during my time coding, I have been trying to display my pictures that are inside an SQL database in a panel control. How I am trying to set it up is that images that have imageID = 1 will be placed into the panel control. I would like to get it where it matches up with other tables, so if I click on a person and their ID = whatever number, any images associated with that number will come up in the panel control.

Here is my code:

    sqlcon.Open()
    Dim cmd As SqlClient.SqlCommand
    Dim sql As String = "SELECT Images FROM [Table] WHERE ImageID= '" + DataGridView1.Rows(I).Cells(2).Value.ToString + "'"
    cmd = New SqlClient.SqlCommand(sql, sqlcon)

    Dim img() As Byte = DataGridView1.Rows(0).Cells(1).Value

    Dim ms1 As New System.IO.MemoryStream(img)
    Dim pic As New PictureBox()
    pic.Image = Image.FromStream(ms1)
    pic.SizeMode = PictureBoxSizeMode.StretchImage

    pic.SetBounds(wid, 20, 200, 100)
    ' pic.Location = New Point(10, pic.Height)
    AddHandler pic.Click, AddressOf convertPic
    Me.Panel1.Controls.Add(pic)
    wid += 205

    cmd.ExecuteNonQuery()
    sqlcon.Close()
Next



The problem I am having is that it's only displaying 1 image, and it stays just that first image.

What I have tried:

I have tried to change the numbers in the ImageID column, but that still ended up with the same result. I think the way I have set up my code the memory stream is reading only one image, but I do not know how to make it read more than one image.

Solution

You don't read any data from your DB at all!
Or rather, you do - badly - but you then ignore or discard it.

For starters, don't use ExecuteNonQuery with a SELECT command - a SELECT is by definition a Query! You need an ExecuteScalar or more likely ExecuteReader, or to use a DataAdapter instead.
Second, never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use parameterized queries instead.
Third, you ignore any data you might have read and always create your image from the same row and cell of your DataGridView.

I think you need to walk away, have a chat or a cup of coffee with someone, then come back and look again at that whole code, because there isn't a lot there that looks like you want to keep it.


Quote:

I fixed the code where I can get images and place them in SQL into a single table like you told me to. I even made an ImageID and regular ID column. I am just trying to figure this last part out and that will get this one portion of my program completed. Anyways, I have never used an ExecuteScalar or ExecuteReader so far. When you say concatenate, do you mean the "'"?



Concatenation is the process of "adding strings together" - and in SQL terms, it's extremely dangerous.
When you do something like this:

Dim sql As String = "SELECT Images FROM [Table] WHERE ImageID= '" + DataGridView1.Rows(I).Cells(2).Value.ToString + "'"

You are concatenating three strings: the beginning with the SELECT, the content of a cell, and a trailing quote. That works, but only if the content is exactly what you think it is, and that's dangerous. If the cell is modified to contain

1';DROP TABLE Images;--

for example, then SQL gets the command:

SELECT Images FROM [Table] WHERE ImageID= '1';DROP TABLE Images;--'

Which is completely valid SQL: it's three commands. The first selects your data, the second deletes your table, and the third comments out anything after that.
That's called SQL Injection and it's not a joke: xkcd: Exploits of a Mom - people do try this. The 2011 UK census was the first you could complete online, and within half an hour of it going live people were complaining because SQL Injection didn't work!
It can be used to alter, delete, or read your DB; or to bypass password checking, or anything else the user wants to do that you would probably much rather he didn't...
Never, ever, concatenate SQL commands - always use parameterised queries.
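The two answers above boil down to one loop: a parameterised query run with ExecuteReader, with every returned row turned into a PictureBox. The following VB.NET helper is an added illustration, not code from the original thread; it assumes a hypothetical table [Images] with an integer PersonID column and a varbinary ImageData column, and a caller that supplies the connection string and the target Panel.

```vbnet
' Added example (hypothetical names): loads every image stored for one person
' using a parameterised query and ExecuteReader, replacing the concatenated
' SQL string and ExecuteNonQuery from the question.
Imports System.Data
Imports System.Data.SqlClient
Imports System.Drawing
Imports System.IO
Imports System.Windows.Forms

Public Class ImagePanelLoader
    ' Assumed schema: [Images](PersonID INT, ImageData VARBINARY(MAX)).
    ' Returns the number of PictureBox controls added to the panel.
    Public Shared Function LoadImagesForPerson(connectionString As String,
                                               personId As Integer,
                                               target As Panel) As Integer
        Dim count As Integer = 0
        Dim x As Integer = 0
        target.Controls.Clear()

        Using conn As New SqlConnection(connectionString)
            ' @PersonID travels as a typed parameter, never as SQL text, so a
            ' value such as 1';DROP TABLE Images;-- cannot be parsed as commands;
            ' it is simply not a valid Int and is rejected before the query runs.
            Dim sql As String = "SELECT ImageData FROM [Images] WHERE PersonID = @PersonID"
            Using cmd As New SqlCommand(sql, conn)
                cmd.Parameters.Add("@PersonID", SqlDbType.Int).Value = personId
                conn.Open()
                ' ExecuteReader hands back every matching row; ExecuteNonQuery
                ' would run the SELECT and throw the result set away.
                Using reader As SqlDataReader = cmd.ExecuteReader()
                    While reader.Read()
                        If reader.IsDBNull(0) Then Continue While
                        Dim bytes As Byte() = CType(reader(0), Byte())
                        ' Image.FromStream requires the stream to stay open for
                        ' the lifetime of the Image, so it is not disposed here.
                        Dim ms As New MemoryStream(bytes)
                        Dim pic As New PictureBox()
                        pic.Image = Image.FromStream(ms)
                        pic.SizeMode = PictureBoxSizeMode.StretchImage
                        pic.SetBounds(x, 20, 200, 100)
                        target.Controls.Add(pic)
                        x += 205
                        count += 1
                    End While
                End Using
            End Using
        End Using
        Return count
    End Function
End Class
```

Call it from the DataGridView click handler with the selected row's ID converted to Integer (for example with Integer.TryParse), so that a non-numeric cell never reaches the database at all.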

