从xml到c#gui将图像插入到sql server中 [英] insert image into sql server from xml through c# gui
本文介绍了从xml到c#gui将图像插入到sql server中的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我们如何将图像从xml插入sql server 2005到c#gui。
当我们尝试插入图片时出现以下错误
输入字符串不是核心格式。
我们的代码是
How We can insert image into sql server 2005 from xml through c# gui.
when we tried to insert image the following error has shown
"input string was not in corect format.
Our Code is
{
try
{
string connetionString = null;
SqlConnection connection;
SqlCommand command;
SqlDataAdapter adpter = new SqlDataAdapter();
DataSet ds = new DataSet();
XmlReader xmlFile;
string sql = null;
string regno = null;
string name = null;
string wife = null;
string child1 = null;
string child2 = null;
string child3 = null;
string child4 = null;
string child5 = null;
double phone_no = 0;
string address = null;
string add_info = null;
string place = null;
string email = null;
string amem = null;
int contri = 0;
string laup = null;
byte img = 0;
connetionString = "data source=.\\SQLEXPRESS;initial catalog=prince;integrated security=true";
connection = new SqlConnection(connetionString);
xmlFile = XmlReader.Create("C:\\Xml Folder\\ChurchXml Folder\\church.xml", new XmlReaderSettings());
ds.ReadXml(xmlFile);
int i = 0;
connection.Open();
for (i = 0; i <= ds.Tables[0].Rows.Count - 1; i++)
{
regno =Convert.ToString( ds.Tables[0].Rows[i].ItemArray[0]);
name =Convert.ToString( ds.Tables[0].Rows[i].ItemArray[1]);
wife =Convert.ToString( ds.Tables[0].Rows[i].ItemArray[2]);
child1 =Convert.ToString( ds.Tables[0].Rows[i].ItemArray[3]);
child2 = Convert.ToString(ds.Tables[0].Rows[i].ItemArray[4]);
child3 =Convert.ToString( ds.Tables[0].Rows[i].ItemArray[5]);
child4 =Convert.ToString( ds.Tables[0].Rows[i].ItemArray[6]);
child5 =Convert.ToString( ds.Tables[0].Rows[i].ItemArray[7]);
phone_no = Convert.ToDouble(ds.Tables[0].Rows[i].ItemArray[8]);
address =Convert.ToString( ds.Tables[0].Rows[i].ItemArray[9]);
add_info =Convert.ToString( ds.Tables[0].Rows[i].ItemArray[10]);
place =Convert.ToString( ds.Tables[0].Rows[i].ItemArray[11]);
email =Convert.ToString( ds.Tables[0].Rows[i].ItemArray[12]);
amem =Convert.ToString( ds.Tables[0].Rows[i].ItemArray[13]);
contri = Convert.ToInt32(ds.Tables[0].Rows[i].ItemArray[14]);
laup =Convert.ToString( ds.Tables[0].Rows[i].ItemArray[15]);
img = Convert.ToByte(ds.Tables[0].Rows[i].ItemArray[16]);
sql = "insert into church values(" + "''" + regno + "''," + "''" + name + "''," + "''" + wife + "''," + "''" + child1 + "''," + "''" + child2 + "''," + "''" + child3 + "''," + "''" + child4 + "''," + "''" + child5 + "''," + phone_no + ",''" + address + "''," + "''" + add_info + "''," + "''" + place + "''," + "''" + email + "''," + "''" + amem + "''," + contri + ",''" + laup + "''," + img + ")";
command = new SqlCommand(sql, connection);
adpter.InsertCommand = command;
adpter.InsertCommand.ExecuteNonQuery();
}
connection.Close();
MessageBox.Show("Done .. ");
}
catch (Exception ee)
{
MessageBox.Show(ee.Message);
}
推荐答案
看看你的代码,我担心你已经对SQL注入做了大开攻击。虽然它传统上与网站相关联,但表单应用程序同样容易受到攻击。你真的需要阅读 SQL注入关于如何预防他们的攻击和一些提示 [ ^ ]由Colin Mackay深入了解他们。
一件事我也会质疑,你是否拥有教堂桌所需的所有田地。由于您没有明确说出您期望的列,因此您的查询将尝试将您指定的字段插入到该表中,完全按照您指定的顺序插入。所以,例如,如果你有一个标识列,你实际上会尝试在该列中插入一个字符串(regno)。
Looking at your code, I''m concerned that you have left yourself wide open to a SQL Injection attack. Although it''s traditionally associated with web sites, forms applications are equally vulnerable. You really need to have a read of SQL Injection Attacks and Some Tips on How to Prevent Them[^] by Colin Mackay to get a deeper understanding of them.
One thing that I would question, as well, is whether you have all the fields you need for the church table. As you don''t explicitly say what columns you are expecting, your query will attempt to insert the fields you specify into that table, in exactly the order you specified them. So, for instance, if you have an identity column, you''ll actually be attempting to insert a string (regno) into that column.
这篇关于从xml到c#gui将图像插入到sql server中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
