如何填充文件流 [英] How Do I Fill File Stream

问题描述

我的代码是

Hi , my code is

FileStream stream = new FileStream("c:\aaa.jpg",FileMode.OpenOrCreate);

它工作正常，但我在目的地的文件将是空白文件.这是aaa.jpg将为空白.

我的完整代码是:

it works fine but my file at destination will be a blank file . which is aaa.jpg will be blank .

my full code is :

string fileName = Path.GetFileName(File_Upload.PostedFile.FileName);
        string path = (ConfigurationManager.AppSettings["virtual_path"]).ToLower();

        Btn_upload.Enabled = false;
        File_Upload.Enabled = false;

        try
        {
            con.Open();
            SqlCommand cmdInsert = new SqlCommand("insert into tbl_Img (Fld_Uploader,Fld_path,Fld_mode) values ('admin','" + path + "','aaa')", con);
            cmdInsert.ExecuteNonQuery();

            SqlCommand cmdSelect = new SqlCommand("select top 1 * from tbl_Img order by Fld_id desc ", con);
            SqlDataAdapter da = new SqlDataAdapter(cmdSelect);
            DataTable dt = new DataTable();

            da.Fill(dt);
            
            ImgId = dt.Rows[0]["Fld_id"].ToString();
            RandCode = dt.Rows[0]["Fld_RandCode"].ToString();
            ImgName = ImgId + "_" + fileName;

            path = path + ImgId + "_" + fileName;

            string aaa = Server.MapPath("~/" + path);


            FileStream stream = new FileStream(aaa,FileMode.OpenOrCreate);

           // StreamWriter str = new StreamWriter(aaa);
            Response.Write(aaa);

            stream.Close();
            //File_Upload.PostedFile.SaveAs(Server.MapPath(stream.ToString()));

            SqlCommand cmdUpdate = new SqlCommand("update tbl_Img set Fld_FileName = '" + ImgId + "_" + fileName + "' where Fld_id = '" + ImgId + "' ", con);
            cmdUpdate.ExecuteNonQuery();


            con.Close();

            Img.ImageUrl = "../../ReadAttachment.aspx?code=" + RandCode + "&maxWidth=100&maxHeight=100";
        }
        catch (Exception ex) 
        {
            ErrorDiv.Attributes["class"]="ErrorDivVisible";
            array[count++] = "مشکلی در آپلود فایل وجود دارد";
            array[count++] = ex.Message;
            flag = 1;
            UlFunction(count, array);
        }

        BtnDelete.Visible = true;
        btnAdd.Enabled = true;
    }

推荐答案

成员，

这是复制粘贴"代码吗?

Hi Member,

Is this "Copy-Paste" code?

 FileStream stream = new FileStream(aaa,FileMode.OpenOrCreate);

// StreamWriter str = new StreamWriter(aaa);
 Response.Write(aaa);

 stream.Close();

如何写FileStream而不是Response流-打开流并关闭它.因此，难怪文件为空...

从您的代码看来，您似乎错过了一些C#/编程基础知识".我可以给您一些一般性的建议".
将代码分成逻辑单元-混合使用UI，数据访问和业务逻辑不是一个好主意.
您的代码也容易受到SQL注入的攻击-不，防止这种攻击永远不是可选的！

可以帮助整理您的想法"的是:首先写下您必须执行的步骤(例如，作为注释)，然后在其中填充代码-您可以先看到"，然后看到"什么功能"-您拥有的方法无需混合即可实现不属于一起的事物-并处理每个操作的特定错误-您当前的代码捕获了所有异常-我可以想到数百种可能导致此代码出错的事物...
示例:

//获取文件路径
//插入数据
//查询数据
//将数据保存到文件中
//显示您的数据

只是我的2cent ...
亲切的问候
Johannes

how about writing to the FileStream instead of the Response stream - you are opening the stream and close it. So no wonder the File is empty...

From your code it seems you miss some C#/programming "basics". I can just give you some general "advices".
Split your code into logical units - mixing up UI, data access and your buissness logic is not a good idea.
Your code is vulnarable to SQL injection too - and no, protecting against this is NEVER optional!

What can help to "sort your thoughts" is: Write first down what steps you have to do (e.g. as comments), fill it up with the code after that - you may can "see" then what "functions" - methods you have to implement without mixinig up things which don''t belong together - and handle specific Errors to each Operation - your current code catches all exceptions - I can think of hundreds of things which could go wrong this code...
Example:

// Obtain File Path
// Insert Data
// Query for Data
// Save data into file
// Present your data

Just my 2cent...
Kind regards
Johannes

目前尚不清楚您为什么尝试打开JPEG文件.

至于SQL语句，您做错了.理查德·迪明(Richard Deeming)绝对正确.请参阅他对这个问题的评论.

该语句由从UI提取的字符串串联而成.不仅重复的字符串连接效率低下(因为字符串不可变；我是否必须解释为什么它使重复的连接变坏?)，还有一个更重要的问题:它为实现良好的连接打开了大门.称为 SQL注入的已知漏洞.

它是这样工作的: http://xkcd.com/327 [ http://en.wikipedia.org/Wiki/SQL_injection [ ^ ].

通过ADO.NET，请使用以下命令: http://msdn.microsoft.com/zh-CN/library/ff648339.aspx [ ^ ].

请查看我过去的答案以获取更多详细信息:
在com.ExecuteNonQuery();中错误更新 [您的名字未显示在名称中吗? [ ^ ].

—SA

It''s not clear why would you try to open a JPEG file.

As to the SQL statement, you are doing it wrong. Richard Deeming is absolutely right; please see his comment to the question.

The statement is composed by concatenation with strings taken from UI. Not only repeated string concatenation is inefficient (because strings are immutable; do I have to explain why it makes repeated concatenation bad?), but there is way more important issue: it opens the doors to a well-known exploit called SQL injection.

This is how it works: http://xkcd.com/327[^].

What to do? Just read about this problem and the main remedy: parametrized statements: http://en.wikipedia.org/wiki/SQL_injection[^].

With ADO.NET, use this: http://msdn.microsoft.com/en-us/library/ff648339.aspx[^].

Please see my past answers for some more detail:
EROR IN UPATE in com.ExecuteNonQuery();[^],
hi name is not displaying in name?[^].

—SA

这篇关于如何填充文件流的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！