0

I am trying to insert an image into my database. However, I don't want to use parameters, as my coding pattern setup does not allow this. Is there a way out?

I know that the following code inserts the image:

    byte[] imageData = ReadFile(txtImagePath.Text);
    SqlConnection CN = new SqlConnection(txtConnectionString.Text);
    string qry = "insert into ImagesStore (ImageData) values( @ImageData)";
    SqlCommand SqlCom = new SqlCommand(qry, CN);
    SqlCom.Parameters.Add(new SqlParameter("@ImageData", (object)imageData));
    //Open connection and execute insert query.
    CN.Open();
    SqlCom.ExecuteNonQuery();
    CN.Close();

However, I would like to use something like this, without the SQL parameters:

    byte[] imageData = ReadFile(txtImagePath.Text);
    SqlConnection CN = new SqlConnection(txtConnectionString.Text);
    string qry = "insert into ImagesStore (ImageData) values(IMAGE DATA IN SOME FORM MAY BE 0101000101011001100 I dont know!)";
    SqlCommand SqlCom = new SqlCommand(qry, CN);
    //Open connection and execute insert query.
    CN.Open();
    SqlCom.ExecuteNonQuery();
    CN.Close();
5
  • 2
    But Parameters is the way to go. In what way does your coding pattern not allow parameter? Commented Aug 30, 2010 at 6:28
  • You need to thoroughly rethink your "no parameters" coding practice - having parameters is the best defence against SQL injection. Not having parameters opens up the door to exploits and should be avoided at all costs.... Commented Aug 30, 2010 at 7:12
  • @Albin It is because I am using a framework where I will have to pass the whole insert SQL as a string, and there is no other way than to convert the image into a byte stream! Commented Aug 30, 2010 at 8:21
  • That sounds like a bad framework, it will give you more trouble than this. Floating point values and dates are sensitive to locale settings, not to mention possible SQL injection attacks. Commented Aug 30, 2010 at 8:57
  • 1
    Egads. And we wonder why, even in this day and age, SQL Injection vulnerabilities abound. Any such framework is a bad framework, as Albin says. You are going to likely have many, many other problems beyond this with this framework. Commented Sep 17, 2010 at 6:36

5 Answers

1

I haven't used sqlserver, but can you use a blob where you can just insert any binary object regardless of format? I found this article which may be of some help: http://www.developer.com/net/asp/article.php/3761486/Working-with-Binary-Large-Objects-BLOBs-Using-SQL-Server-and-ADONET.htm

1 Comment

It uses a parameter, so not the answer!
1

You can use a hex notation:

    INSERT INTO imagestore
    (imagedata)
    VALUES
    (0xFF01);

would insert a blob with two bytes (255 and 1) into the table.

3 Comments

But how to convert the image to bytes... do you have any idea?
You already have a byte[] array. You just need to convert each byte into its hex representation.
If you insist on storing the image in the DB without parameters, the above answer seems best. Just do a 'Byte array to hex string' conversion and insert the resulting data. I wouldn't do this on multiple megabyte images though as the hex encoding makes it twice as big. For small icons it's probably acceptable.
1

Don't!

Sorry for dodging your question, but why do you want to insert the image as a blob? In my experience it is almost never a good idea. Instead store the path to the image file on disk.

It could be that your requirements leave you no other option than to store the image as a blob in the db, but I would seriously reconsider the requirements as storing binary (image) data is almost always a bad idea.

1 Comment

I re-framed my question and I think I have got a solution. Please have a look here: stackoverflow.com/questions/3733026/…
0

Here is what I did: first converted the image into bytes, then the bytes into a string, and inserted the string using insert SQL. To retrieve the image I took the steps back!

    // convert to string
    Bitmap bmp = new Bitmap(@"D:/bmp.bmp");
    MemoryStream mem = new MemoryStream();
    bmp.Save(mem, System.Drawing.Imaging.ImageFormat.Jpeg);
    byte[] b = mem.ToArray();
    mem.Close();
    mem = null;
    System.Text.UnicodeEncoding a = new UnicodeEncoding();
    string s = System.Text.Encoding.Unicode.GetString(b);
    // test
    File.WriteAllText(@"D:/txt.txt", s);

    // convert back to image
    Image newImage;
    byte[] bytes = System.Text.Encoding.Unicode.GetBytes(s);
    using (MemoryStream ms = new MemoryStream(bytes.Length))
    {
        ms.Write(bytes, 0, bytes.Length);
        newImage = Image.FromStream(ms);
        ms.Close();
    }
    // test
    pictureBox1.Image = newImage;
    // It works!
    // So just fire the SQL
    con.Executenonquery("insert into ImageDb ('img') values (" + s +")") ;

1 Comment

I think you are just lucky that it works. In fact there are definitely byte combinations that do not map to a valid Unicode character. There are approx. 100.000 Unicode characters that are encoded into bytes using either UTF-8, UTF-16 or UTF-32. If you are using UTF-8 (I can't tell from your code) then there are so-called 'surrogate pairs' and not all byte combinations are valid. If you use UTF-32 there are 4 billion possible combinations which definitely don't all map to 100.000 characters. In short: Don't use this code as it will probably fail at some point and will be impossible to debug.
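
The hex-literal approach from the earlier answer, set against the round-trip concern raised in the comment above, as an added example (not code from any poster on this page). `ToVarbinaryLiteral` and `FromVarbinaryLiteral` are hypothetical helper names, the sample bytes are constructed, and the table and column names are the ones from the question.

```csharp
using System;
using System.Linq;
using System.Text;

static class VarbinaryLiteralDemo
{
    // Encodes bytes as a T-SQL binary constant (0x...). The output contains only
    // "0x" plus [0-9A-F], so the image data cannot close or alter the statement.
    public static string ToVarbinaryLiteral(byte[] data)
    {
        if (data == null) throw new ArgumentNullException(nameof(data));
        var sb = new StringBuilder(2 + data.Length * 2);
        sb.Append("0x"); // a bare "0x" is the empty binary constant
        foreach (byte b in data) sb.Append(b.ToString("X2"));
        return sb.ToString();
    }

    // Inverse of the above, used here only to show the encoding is lossless.
    public static byte[] FromVarbinaryLiteral(string literal)
    {
        if (literal == null || literal.Length % 2 != 0 ||
            !literal.StartsWith("0x", StringComparison.Ordinal))
            throw new FormatException("not a 0x... literal");
        var result = new byte[(literal.Length - 2) / 2];
        for (int i = 0; i < result.Length; i++)
            result[i] = Convert.ToByte(literal.Substring(2 + 2 * i, 2), 16);
        return result;
    }

    static void Main()
    {
        // Constructed sample: begins with the JPEG marker FF D8 (an unpaired
        // UTF-16 surrogate when read little-endian), contains a quote byte
        // (0x27), and has an odd length.
        byte[] image = { 0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10, 0x27, 0x00, 0x41 };

        string literal = ToVarbinaryLiteral(image);
        // Table and column names are fixed text, never taken from input.
        string sql = "INSERT INTO ImagesStore (ImageData) VALUES (" + literal + ");";
        Console.WriteLine(sql);
        Console.WriteLine("hex round-trip intact:     " +
            image.SequenceEqual(FromVarbinaryLiteral(literal)));

        // Encoding.Unicode does not preserve byte sequences that are invalid UTF-16.
        string s = Encoding.Unicode.GetString(image);
        Console.WriteLine("Unicode round-trip intact: " +
            image.SequenceEqual(Encoding.Unicode.GetBytes(s)));
    }
}
```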
0

I re-framed my question and I think I have got a solution. Please have a look at "convert image to stream of characters".
