如何在C#中从数据库中恢复图像 [英] How Do I Retrive Image From Database In C#
本文介绍了如何在C#中从数据库中恢复图像的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
这里我使用来自db..kindly帮助的反向图像代码并纠正错误..
按钮点击事件:
here i use the code for retrive image from db..kindly help and rectify the error..
button click event:
SqlConnection c = new SqlConnection(@"Data Source=ADMIN-PC\SQLEXPRESS;Initial Catalog=Picture;Integrated Security=True");
c.Open();
MemoryStream stream = new MemoryStream();
SqlCommand command = new SqlCommand("select * from pic where u='" + textBox1.Text + "'", c);
byte[] image = (byte[])command.ExecuteScalar();
stream.Write(image, 0, image.Length);
c.Close();
Bitmap bitmap = new Bitmap(stream);(Error thows here)
pictureBox1.Image = bitmap;
显示错误:
It shows an error :
Argument exception was unhandled
parameter is not valid
推荐答案
请看这里:为什么我得到参数无效。我从数据库中读取图像时出现异常? [ ^ ]
从一开始你的方法就错了。通过串联从UI获取的字符串组成的查询。不仅重复的字符串连接是低效的(因为字符串是不可变的;我是否必须解释为什么它会使重复连接变坏?),但是有更重要的问题:它打开了通向良好的大门已知的漏洞称为 SQL注入。
这是它的工作原理: http://xkcd.com/327 。
你明白了吗?从控件中获取的字符串可以是任何东西,包括......一段SQL代码。
怎么办?只需阅读有关此问题和主要补救措施:参数化语句: http://en.wikipedia.org/ wiki / SQL_injection 。
使用ADO.NET,使用:http://msdn.microsoft.com/en-us/library/ff648339.aspx 。
请参阅我过去的答案有更多细节:
在com.ExecuteNonQuery中更新EROR( ); ,
嗨名字没有显示在名称中?。
-SA
Your approach is wrong from the very beginning. The query composed by concatenation with strings taken from UI. Not only repeated string concatenation is inefficient (because strings are immutable; do I have to explain why it makes repeated concatenation bad?), but there is way more important issue: it opens the doors to a well-known exploit called SQL injection.
This is how it works: http://xkcd.com/327.
Are you getting the idea? The string taken from a control can be anything, including… a fragment of SQL code.
What to do? Just read about this problem and the main remedy: parametrized statements: http://en.wikipedia.org/wiki/SQL_injection.
With ADO.NET, use this: http://msdn.microsoft.com/en-us/library/ff648339.aspx.
Please see my past answers for some more detail:
EROR IN UPATE in com.ExecuteNonQuery();,
hi name is not displaying in name?.
—SA
这篇关于如何在C#中从数据库中恢复图像的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文