By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
446,205 Members | 1,116 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 446,205 IT Pros & Developers. It's quick & easy.

How can I save a byte[] to a BLOB field?

P: n/a
Hi,

I can a big problem... because I have a byte[] data = new byte[length], and
I need to save this to a field on my MySQL database (here I have a BLOB
field) but ¿can I save it? because if I put:
Insert into archiv(ref, databinary) VALUES('"+ref+"', '"+ data+"')

In my Database only save "System.byte[]"

Can Someone help me?

Luis
Nov 15 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
Use....

PARAMETERS.

NEVER EVER put together your SQL like this.

Look up the term "SQL Injecion attack" in google.

Thomas Tomiczek
THONA Software & Consulting Ltd.
(Microsoft MVP C#/.NET)

"Luis" <ll*@telefonica.net> wrote in message
news:uf**************@TK2MSFTNGP12.phx.gbl...
Hi,

I can a big problem... because I have a byte[] data = new byte[length], and I need to save this to a field on my MySQL database (here I have a BLOB
field) but ¿can I save it? because if I put:
Insert into archiv(ref, databinary) VALUES('"+ref+"', '"+ data+"')

In my Database only save "System.byte[]"

Can Someone help me?

Luis

Nov 15 '05 #2

P: n/a
I can't understand you...

"Use parameters" but... can you said me one example? because I put in google
SQL Injecion attack and I can't undestand...

Thanks

"Thomas Tomiczek [MVP]" <t.********@thona-consulting.com> escribió en el
mensaje news:uI*************@TK2MSFTNGP11.phx.gbl...
Use....

PARAMETERS.

NEVER EVER put together your SQL like this.

Look up the term "SQL Injecion attack" in google.

Thomas Tomiczek
THONA Software & Consulting Ltd.
(Microsoft MVP C#/.NET)

"Luis" <ll*@telefonica.net> wrote in message
news:uf**************@TK2MSFTNGP12.phx.gbl...
Hi,

I can a big problem... because I have a byte[] data = new byte[length],

and
I need to save this to a field on my MySQL database (here I have a BLOB
field) but ¿can I save it? because if I put:
Insert into archiv(ref, databinary) VALUES('"+ref+"', '"+ data+"')

In my Database only save "System.byte[]"

Can Someone help me?

Luis


Nov 15 '05 #3

P: n/a

"Luis" <ll*@telefonica.net> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl...
I can't understand you...
But you know how to read documentation?

"Use parameters" but... can you said me one example? because I put in google

Use Parameters.

* Open online documentation.
* Then start thinking. Along this line: I use SqlConnection, let's see
whether ethere is a SqlParameter.
* Hit.

* Read documentation.
* Read samples.
* Program.

In case you have problems with the documentation, a viable approach is -
google.

Let's see.

"+sqlparameter +sample" as search string.

FIrst site: .NET Samples - ASP.NET Data Access (.NET Framework QuickStarts)

COULD be something. Lets go there.Na, not good.

Let's see further.Fourth link: Inserting Record into Database

Could be it.
http://www.aspnet101.com/aspnet101/a...ode=showinsert

Guess what - complete code sample. OK, in VB.NET, but moving between
languages THAT similar for a similar API should not be that hard on trivial
samples.
SQL Injecion attack and I can't undestand...
And again.

* Open Google.
* enter "+sql +injection +attack" as search term.
* Whow - first titem:
SQL Injection Attacks - Are You Safe?
* Third Item:
The alt.2600 / #hack FAQ: What is an SQL Injection Attack
* Fourth Item:
Secure Your ASP.NET Application from a SQL Injection Attack
Hm - you know how to click the hyperlinks, right? Just wondering.

The first title I got links to http://www.sitepoint.com/article/794 and has
a VERY nice explanation of what "crime" you actually commit by your SQL - it
basiclly is, if the rest of the application is written as well, an
invitation for every hacker out there to delete your database. THis is a
known attack for years now, and everytime I stumble over someone not knowing
what a SQL Injecton attack is I really wonder what planet they live on so
that they do not read current security warnings. SQL Injection attacks are
CRITICAL.

If you can not understand what is in there, you should NOT program databases
but should follow the following path:

* Go to a bookshop or a book online website.
* Get a book about SQL, introductory books. The "for Dummies" books are very
good (without ANY pun intended - I keep them around for reference here and I
really like them) and are pretty thorough and well explained. You could also
get some SQL books from Joe Celko (he really rocks in SQL - very good guy)
and last but not least: reading the complete API documentation and
documentation for your database server is a MUST.

Alternatively:
* Get some training in SQL through a training company.

You should take some good advice from this:

* Newsgroups are perfect BUT
* They are no excuse not to do your homework. This includes
* Reading the documentation first, including going through all the
examples you find.
* Using your own brain. This includes getting your way around google.
* They are no excuse for learning your stuff. Reading some good books is a
way more efficient way to get knowledge than running around and asking
questions for which you actually don't have the knowledge to understand the
answer.

Newsgroups will nve help you getting the basic knowledge. Te are no
replacement for books and the documentation.

Thomas Tomiczek
THONA Software & Consulting Ltd.
(Microsoft MVP C#/.NET)


Thanks

"Thomas Tomiczek [MVP]" <t.********@thona-consulting.com> escribió en el
mensaje news:uI*************@TK2MSFTNGP11.phx.gbl...
Use....

PARAMETERS.

NEVER EVER put together your SQL like this.

Look up the term "SQL Injecion attack" in google.

Thomas Tomiczek
THONA Software & Consulting Ltd.
(Microsoft MVP C#/.NET)

"Luis" <ll*@telefonica.net> wrote in message
news:uf**************@TK2MSFTNGP12.phx.gbl...
Hi,

I can a big problem... because I have a byte[] data = new byte[length],
and
I need to save this to a field on my MySQL database (here I have a

BLOB field) but ¿can I save it? because if I put:
Insert into archiv(ref, databinary) VALUES('"+ref+"', '"+ data+"')

In my Database only save "System.byte[]"

Can Someone help me?

Luis



Nov 15 '05 #4

P: n/a
Oh!! thanks, but I not want to said this :) no problem, I find and if I
have a other problem I will answer :)
I know more or less ALL that you said me, only that the examples that I see
not work correctly and I answers this, but I know the basic structures and I
have a documentation for review...

But, thanks for all.

Thanks...

Luis

"Thomas Tomiczek [MVP]" <t.********@thona-consulting.com> escribió en el
mensaje news:OV****************@TK2MSFTNGP09.phx.gbl...

"Luis" <ll*@telefonica.net> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl...
I can't understand you...
But you know how to read documentation?

"Use parameters" but... can you said me one example? because I put in

google

Use Parameters.

* Open online documentation.
* Then start thinking. Along this line: I use SqlConnection, let's see
whether ethere is a SqlParameter.
* Hit.

* Read documentation.
* Read samples.
* Program.

In case you have problems with the documentation, a viable approach is -
google.

Let's see.

"+sqlparameter +sample" as search string.

FIrst site: .NET Samples - ASP.NET Data Access (.NET Framework

QuickStarts)
COULD be something. Lets go there.Na, not good.

Let's see further.Fourth link: Inserting Record into Database

Could be it.
http://www.aspnet101.com/aspnet101/a...ode=showinsert

Guess what - complete code sample. OK, in VB.NET, but moving between
languages THAT similar for a similar API should not be that hard on trivial samples.
SQL Injecion attack and I can't undestand...
And again.

* Open Google.
* enter "+sql +injection +attack" as search term.
* Whow - first titem:
SQL Injection Attacks - Are You Safe?
* Third Item:
The alt.2600 / #hack FAQ: What is an SQL Injection Attack
* Fourth Item:
Secure Your ASP.NET Application from a SQL Injection Attack
Hm - you know how to click the hyperlinks, right? Just wondering.

The first title I got links to http://www.sitepoint.com/article/794 and

has a VERY nice explanation of what "crime" you actually commit by your SQL - it basiclly is, if the rest of the application is written as well, an
invitation for every hacker out there to delete your database. THis is a
known attack for years now, and everytime I stumble over someone not knowing what a SQL Injecton attack is I really wonder what planet they live on so
that they do not read current security warnings. SQL Injection attacks are
CRITICAL.

If you can not understand what is in there, you should NOT program databases but should follow the following path:

* Go to a bookshop or a book online website.
* Get a book about SQL, introductory books. The "for Dummies" books are very good (without ANY pun intended - I keep them around for reference here and I really like them) and are pretty thorough and well explained. You could also get some SQL books from Joe Celko (he really rocks in SQL - very good guy)
and last but not least: reading the complete API documentation and
documentation for your database server is a MUST.

Alternatively:
* Get some training in SQL through a training company.

You should take some good advice from this:

* Newsgroups are perfect BUT
* They are no excuse not to do your homework. This includes
* Reading the documentation first, including going through all the
examples you find.
* Using your own brain. This includes getting your way around google.
* They are no excuse for learning your stuff. Reading some good books is a
way more efficient way to get knowledge than running around and asking
questions for which you actually don't have the knowledge to understand the answer.

Newsgroups will nve help you getting the basic knowledge. Te are no
replacement for books and the documentation.

Thomas Tomiczek
THONA Software & Consulting Ltd.
(Microsoft MVP C#/.NET)


Thanks

"Thomas Tomiczek [MVP]" <t.********@thona-consulting.com> escribió en el
mensaje news:uI*************@TK2MSFTNGP11.phx.gbl...
Use....

PARAMETERS.

NEVER EVER put together your SQL like this.

Look up the term "SQL Injecion attack" in google.

Thomas Tomiczek
THONA Software & Consulting Ltd.
(Microsoft MVP C#/.NET)

"Luis" <ll*@telefonica.net> wrote in message
news:uf**************@TK2MSFTNGP12.phx.gbl...
> Hi,
>
> I can a big problem... because I have a byte[] data = new byte[length], and
> I need to save this to a field on my MySQL database (here I have a BLOB > field) but ¿can I save it? because if I put:
> Insert into archiv(ref, databinary) VALUES('"+ref+"', '"+ data+"')
>
> In my Database only save "System.byte[]"
>
> Can Someone help me?
>
> Luis
>
>



Nov 15 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.