Saturday 15 May 2010

arrays - UPDATE QUERY Image -



arrays - UPDATE QUERY Image -

if seek convert image array , run update query , insert string update transformed image matrix error:

the + operator not defined types 'string' , 'matrix' 1-byte size

the code is:

data1 = textbox data2 = textbox2 using ms new memorystream () directcast (picturebox1.image, botmap) .save (ms currentformat) image = ms.toarray () end using dim param sqlparameter () = _ new sqlparameter () {new sqlparameter ("@ data1", _ data1), new sqlparameter ("@ data2", data2), new sqlparameter ("@ image", image)} mcmd.commandtext = "update set table column1 = '" + data1 + "', column2 '" + data1 + "'" mcmd.parameters.add ("@ image", sqldbtype.varbinary, 8000) .value = image

how can prepare it?

you anyways, defining parameter image variable in code pointed below

mcmd.parameters.add ("@image", sqldbtype.varbinary, 8000) .value = image

so, instead of preparing query concatenating values vulnerable sql injection attack; utilize parametrized query parameters have defined

mcmd.commandtext = "update table_name set column1 = @data1, column2 = @data2, image = @image

arrays vb.net image visual-studio-2010

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)