
i need a help

dear folks,

i uploaded the image using the following code :

HttpPostedFile myFile = Picture.PostedFile;
int FileLen = myFile.ContentLength;
string FName = Path.GetFileName(myFile.FileName);
string Extn = FName.Remove(0, (FName.LastIndexOf('.') + 1));
Label2.Text = Extn;
if (FileLen < 400000)
{
    if ((Extn.ToUpper() == "JPEG" || Extn.ToUpper() == "JPG" || Extn.ToUpper() == "BMP" || Extn.ToUpper() == "GIF"))
    {
        byte[] myData = new byte[FileLen];
        myFile.InputStream.Read(myData, 0, FileLen);
        Image1.Visible = true;
        Image1.ImageUrl = Picture.PostedFile.FileName;

        string s = "insert into hreimage values(newid(),'" + Session["EMPNO"].ToString()
            + "','" + myData + "','" + FName + "','" + FileLen.ToString() + "','" + Extn + "')";
        int i = DAL.Connect.SaveData(s);
        if (i > -1)
        {
            Label1.Visible = true;
            Label1.Text = "<font color=blue><b>File Attached Successfully!!<b></font>";
        }
        else { Label1.Text = "the file already exists"; Label1.Visible = true; }
    }
    else
    {
        Response.Write("<h2><font Color = Red>It is not a valid file</font></h2>");
    }
}
else
{
    Response.Write("The image size is very Big");
}
its working properly..............

but the problem started in my down loading the image: the code is here
below

MemoryStream ms = new MemoryStream();
SqlConnection cn = DAL.Connect.GetConnection();
try
{
    cn.Open();
    SqlCommand cmd = new SqlCommand(
        "select image from hreimage where empno = '" + Label1.Text + "'", cn);
    byte[] img = (byte[])cmd.ExecuteScalar();
    ms.Write(img, 0, img.Length);
    Bitmap bp = new Bitmap(ms);
    Response.ContentType = "image/gif";
    bp.Save(Response.OutputStream, ImageFormat.Gif);
}
finally
{
    cn.Close();
    ms.Close();
}
it shows the error that invalid parameter used in the red marked line

please help me out in this yaar.........
--

regards
Sarvesh

Oct 15 '07 #1
For those that are in text, what line is "in red"? It (more or less)
compiles OK for me...

Observations:
SqlCommand cmd = new SqlCommand(
"select image from hreimage where empno = '"+Label1.Text+"'",cn);
A clear invite to SQL injection: http://www.xkcd.com/327/
Never [ever] directly concatenate user input into a SQL command. Ever.
A parameter is the normal solution.
Bitmap bp = new Bitmap(ms);
Response.ContentType="image/gif";
bp.Save(Response.OutputStream,ImageFormat.Gif);
If you stored the format (ContentType) with the original binary in the
database, you could simply write the binary direct to the output
stream, without requiring Bitmap [which is *not* supported from
asp.net: http://msdn2.microsoft.com/en-us/lib....drawing.aspx]

Marc
Oct 15 '07 #2
On Oct 15, 8:53 am, maddy <sarvesh....@gmail.com> wrote:
> ....
> cn.Open();
> SqlCommand cmd = new SqlCommand("select image from
> hreimage where empno = '"+Label1.Text+"'",cn);
> ....
I would start with reading about sql injection.

Which line is the red marked line? (Guess google is removing it)

Oct 15 '07 #3
Looking again, you aren't re-winding the stream. In this scenario
(assuming you don't alter Bitmap etc) the easiest approach is:

byte[] img = (byte[])cmd.ExecuteScalar();
MemoryStream ms = new MemoryStream(img);
Bitmap bp = new Bitmap(ms);

The second line initializes the memory stream with the buffer, but
sets the position to 0. Your original code leaves the position at the
end of the stream, so there is nothing to read. You could also just
add "ms.Position = 0;" after the Write, but the above is tidier.

Another observation: the SqlConnection, MemoryStream, Bitmap and
SqlCommand classes are all IDisposable; you should be "using" them to
ensure that Dispose() is called; this actually simplifies the code
(note the use of Bitmap etc is still bad; I have patched the SQL
injection, though):

using (SqlConnection cn = DAL.Connect.GetConnection())
using (SqlCommand cmd = new SqlCommand(
    "select image from hreimage where empno = @empno", cn)) {
    cmd.Parameters.Add(new SqlParameter("@empno", Label1.Text));
    cn.Open();
    byte[] img = (byte[])cmd.ExecuteScalar();
    using (MemoryStream ms = new MemoryStream(img))
    using (Bitmap bp = new Bitmap(ms)) {
        Response.ContentType = "image/gif";
        bp.Save(Response.OutputStream, ImageFormat.Gif);
    }
}

(if you don't mind composite lines, you could reduce further by
removing "img" and "ms"; simple is good, though...)

Marc
Oct 15 '07 #4
Last post (for now ;-p) - if you wanted to switch to the more
efficient stream from the database (without Bitmap), then something
like:

string empNo = Label1.Text;
using (SqlConnection cn = DAL.Connect.GetConnection())
using (SqlCommand cmd = new SqlCommand(
    "select contenttype, image from hreimage where empno = @empno", cn)) {
    cmd.Parameters.Add(new SqlParameter("@empno", empNo));
    cn.Open();
    using (SqlDataReader reader = cmd.ExecuteReader(
        CommandBehavior.SequentialAccess | CommandBehavior.CloseConnection
        | CommandBehavior.SingleResult | CommandBehavior.SingleRow)) {
        if (reader.Read()) {
            Response.ContentType = reader.GetString(0);
            const int BUFFER_SIZE = 8040; // related to SQL page size
            byte[] buffer = new byte[BUFFER_SIZE];
            long bytes, offset = 0;
            while ((bytes = reader.GetBytes(1, offset, buffer, 0, BUFFER_SIZE)) > 0) {
                Response.OutputStream.Write(buffer, 0, (int)bytes);
                offset += bytes;
            }
        } else { // no row returned
            throw new ArgumentException("Record not found: " + empNo);
        }
    }
}
Oct 15 '07 #5
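
Added example, not part of the thread: the upload side rewritten with parameters, so that the download code in #4 and #5 has real image bytes and a content type to return. It assumes the last hreimage column holds the content type rather than the extension; the ImageStore class, its method names and the parameter types and sizes are hypothetical, since the thread does not show the table schema.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.IO;

public static class ImageStore // hypothetical helper, not from the thread
{
    // Identify the format from the leading bytes, not the client-supplied file name.
    public static string SniffContentType(byte[] d)
    {
        if (d.Length >= 3 && d[0] == 0xFF && d[1] == 0xD8 && d[2] == 0xFF) return "image/jpeg";
        if (d.Length >= 6 && d[0] == 'G' && d[1] == 'I' && d[2] == 'F' && d[3] == '8'
            && (d[4] == '7' || d[4] == '9') && d[5] == 'a') return "image/gif";
        if (d.Length >= 2 && d[0] == 'B' && d[1] == 'M') return "image/bmp";
        return null; // anything else is rejected by Save
    }

    // Stream.Read may return fewer bytes than requested, so loop until the buffer is full.
    public static byte[] ReadExactly(Stream input, int length)
    {
        byte[] data = new byte[length];
        int read, total = 0;
        while (total < length && (read = input.Read(data, total, length - total)) > 0)
            total += read;
        if (total != length) throw new IOException("Upload ended early");
        return data;
    }

    // Same six positional values as the original INSERT, but each one is a parameter.
    // The image is sent as binary; "'" + myData + "'" puts the text "System.Byte[]" in the SQL.
    public static int Save(SqlConnection cn, string empNo, string fileName, byte[] data)
    {
        string contentType = SniffContentType(data);
        if (contentType == null) throw new ArgumentException("Not a JPEG, GIF or BMP image");
        using (SqlCommand cmd = new SqlCommand(
            "insert into hreimage values (newid(), @empno, @image, @fname, @len, @type)", cn))
        {
            cmd.Parameters.Add("@empno", SqlDbType.VarChar, 50).Value = empNo;   // assumed type
            cmd.Parameters.Add("@image", SqlDbType.VarBinary, -1).Value = data;  // -1 = max
            cmd.Parameters.Add("@fname", SqlDbType.NVarChar, 260).Value = Path.GetFileName(fileName);
            cmd.Parameters.Add("@len", SqlDbType.Int).Value = data.Length;
            cmd.Parameters.Add("@type", SqlDbType.VarChar, 50).Value = contentType;
            return cmd.ExecuteNonQuery();
        }
    }
}
```

A caller would pass an open connection and `ReadExactly(myFile.InputStream, myFile.ContentLength)` after the existing size check.
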
i have error on Bitmap bp = new Bitmap(ms);

error is : it shows the error that invalid parameter used

Oct 15 '07 #6
On Oct 15, 12:39 pm, Dror Gluska <dro...@gmail.com> wrote:
> On Oct 15, 8:53 am, maddy <sarvesh....@gmail.com> wrote:
> > ... cn.Open();
> > SqlCommand cmd = new SqlCommand("select image from
> > hreimage where empno = '"+Label1.Text+"'",cn);
> >
> > ...
>
> I would start with reading about sql injection.
>
> Which line is the red marked line? (Guess google is removing it)
______________-

i got error near that Bitmap bp = new Bitmap(ms);

and the error is invalid parameter used

Oct 15 '07 #7
Please clarify whether rewinding the stream (or using the alternative
MemoryStream ctor) helped...

Marc
Oct 15 '07 #8
Lew
maddy wrote:
> it shows the error that invalid parameter used in the red marked line

Dror Gluska wrote:
> Which line is the red marked line? (Guess google [sic] is removing it)

It's not Google. The OP posted plain text; of course there won't be any "red
marked line". The original post never had a red line for Google to remove.

From the OP's header:
Content-Type: text/plain; charset="iso-8859-1"
--
Lew
Oct 15 '07 #9
