dynamically added sqlcommand string fails while static string works properly

1 New Member
Hi Everyone,

I have a problem that is quite frustrating.

I am passing in an image from a database, which is to be accessed in an image button. When I dynamically add the string for an sql command, the image is not found, and a red X appears in place of the image. However, when I use a static string, everything works and the image is there.

I have tested my code, and special characters are not the problem.

I posted my code below.

Thanks,

Austin

```csharp
public void ProcessRequest(HttpContext context)
{
    string image_name = context.Request.QueryString["image_name"];

    string connString = @"Data Source=WOLVERINE;user id=sa;password=Osprey22;database=FileUpload";
    SqlConnection connection = new SqlConnection(connString);

    connection.Open();

    StringBuilder sb = new StringBuilder();
    sb.AppendFormat("SELECT image_data FROM Available_Pics where image_name = '{0}'", image_name);

    // SqlCommand command = new SqlCommand(sb.ToString(), connection);
    // The above SqlCommand fails even though sb.ToString() has an identical string to the one shown below that is
    // passed into the function.
    // Why would a string created dynamically not work, yet a static string like the one below work successfully ?

    SqlCommand command = new SqlCommand("SELECT image_data FROM Available_Pics where image_name = 'test'", connection);
    SqlDataReader dr = command.ExecuteReader();
    dr.Read();

    context.Response.BinaryWrite((Byte[])dr[0]);
    context.Response.ContentType = "image/png";
    connection.Close();
    context.Response.End();
}
```
Jun 16 '09 #1
tlhintoq
3,525 Recognized Expert Specialist
Somewhere there is a difference between the two that you just aren't/can't see. Maybe a null on the end for example. Check them both via breakpoints. Heck, use both at the same time and do a comparison of the two variables to see if they are the same and so you can see them side by side.

```csharp
if (string1 == string2) Console.WriteLine("same");
```
Have you tried it NOT using a stringbuilder, but just a string?
```csharp
string sb = string.Format("SELECT image_data FROM Available_Pics where image_name = '{0}'", image_name);
SqlCommand command = new SqlCommand(sb, connection);
```
You may also want to either trim or add a null at the end as needed by your query (I don't know which is right for query strings)

```csharp
string sb = string.Format("SELECT image_data FROM Available_Pics where image_name = '{0}'", image_name).TrimEnd('\0');
```
Jun 16 '09 #2
Frinavale
9,735 Recognized Expert Moderator Expert
When you build an SQL statement directly from user input, as you are doing, you leave yourself open to a SQL Injection Attack.

Instead of doing what you're doing to create the SQL statement, consider using Parameters instead.

I believe this will fix your problem and it will protect you against a SQL Injection Attack.

See this article on how to use a database in your program for an example of how to use parameters.

-Frinny
Jun 16 '09 #3
