Hi Everyone,
I have a problem that is quite frustrating.
I am passing in an image from a database, which is to be accessed in an image button. When I dynamically add the string for an SQL command, the image is not found, and a red X appears in place of the image. However, when I use a static string, everything works and the image is there.
I have tested my code, and special characters are not the problem.
I posted my code below.
Thanks,
Austin

    public void ProcessRequest(HttpContext context)
    {
        string image_name = context.Request.QueryString["image_name"];

        string connString = @"Data Source=WOLVERINE;user id=sa;password=Osprey22;database=FileUpload";
        SqlConnection connection = new SqlConnection(connString);

        connection.Open();

        StringBuilder sb = new StringBuilder();
        sb.AppendFormat("SELECT image_data FROM Available_Pics where image_name = '{0}'", image_name);

        // SqlCommand command = new SqlCommand(sb.ToString(), connection);

        // The above SqlCommand fails even though sb.ToString() has an identical string to the one shown below that is
        // passed into the function.
        // Why would a string created dynamically not work, yet a static string like the one below work successfully ?

        SqlCommand command = new SqlCommand("SELECT image_data FROM Available_Pics where image_name = 'test'", connection);
        SqlDataReader dr = command.ExecuteReader();

        dr.Read();

        context.Response.BinaryWrite((Byte[])dr[0]);
        context.Response.ContentType = "image/png";
        connection.Close();
        context.Response.End();
    }
tlhintoq 3,525
Recognized Expert Specialist
Somewhere there is a difference between the two that you just aren't/can't see. Maybe a null on the end for example. Check them both via breakpoints. Heck, use both at the same time and do a comparison of the two variables to see if they are the same and so you can see them side by side.

    if (string1 == string2) Console.WriteLine("same");

Have you tried it NOT using a stringbuilder, but just a string?

    string sb = string.Format("SELECT image_data FROM Available_Pics where image_name = '{0}'", image_name);
    SqlCommand command = new SqlCommand(sb, connection);

You may also want to either trim or add a null at the end as needed by your query (I don't know which is right for query strings)

    string sb = string.Format("SELECT image_data FROM Available_Pics where image_name = '{0}'", image_name).TrimEnd('\0');
Frinavale 9,735
Recognized Expert Moderator Expert
When you build an SQL statement directly from user input, as you are doing, you leave yourself open to a SQL Injection Attack.
Instead of doing what you're doing to create the SQL statement, consider using Parameters instead.
I believe this will fix your problem and it will protect you against a SQL Injection Attack.
See this article on how to use a database in your program for an example of how to use parameters.
-Frinny