值插入SQL服务器

Question

private void button2_Click(object sender, EventArgs e) 
{ 
     // my sql server connection 
     con = new SqlConnection(@"Data Source=dasranrajlui\sqlexpress;Initial Catalog=SESoriginal;Integrated Security=True"); 

     con.Open(); 

     // this is to save my values to sql 
     com = new SqlCommand(" insert into VoterRegistration (SALUTATION, NAME, SEX, ETHNICITY, MARITALSTATUS, ICNUMBER, HPNUMBER, DOB, ADDRESS, STATE, CITY, POSTCODE, VoterPic) VALUES ('" 
             + SALUTATION.Text + "','" 
             + NAME.Text + "','" 
             + SEX.Text + "','" 
             + ETHNICITY.Text + "','" 
             + MARITALSTATUS.Text + "','" 
             + ICNUMBER.Text + "','" 
             + HPNUMBER.Text + "','" 
             + DOB.Text + "','" 
             + ADDRESS.Text + "','" 
             + STATE.Text + "','" 
             + CITY.Text + "','" 
             + POSTCODE.Text + "'," 
             + "@VoterPic" + ")", con); 

     conv_photo(); 

     try 
     { 
      com.ExecuteNonQuery(); 
      MessageBox.Show("Registered..."); 

      // return back to admin page after registered 
      this.Hide(); 
      AdminVoterREUP RETURNTOREUP = new AdminVoterREUP(); 
      RETURNTOREUP.Show(); ; 
     } 
     catch (Exception EX) 
     { 
      MessageBox.Show(EX + "Not Registered"); 
     } 
     finally 
     { 
      con.Close(); 
     } 
} 

void conv_photo() 
{ 
     //to convernt my image 
     if (VOTERPIC.Image != null) 
     { 
      ms = new MemoryStream(); 
      VOTERPIC.Image.Save(ms, ImageFormat.Jpeg); 
      byte[] photo_aray = new byte[ms.Length]; 
      ms.Position = 0; 
      ms.Read(photo_aray, 0, photo_aray.Length); 
      com.Parameters.AddWithValue("@VoterPic", photo_aray); 
     } 
    } 
} 

当我运行这段代码我得到一个错误：

System.Data.SqlClient.SqlExeption (0x80131904): Must declare the scalar variable "@VoterPic".

voterPic是SQL Server来存储我的形象我的列名，我也叫我的PictureBox为VOTERPIC。

任何人都可以帮助我吗？

Answer 1

首先你需要你的图像转换成字节数组，然后添加字节作为参数

com.Parameters.Add("@VoterPic",System.Data.SqlDbType.VarBinary).Value = ImageBytes; 

Answer 2

首先，你应该使用SQL参数来防止SQL注入：

// my sql server connection 
var con = new SqlConnection(@"Data Source=dasranrajlui\sqlexpress;Initial Catalog=SESoriginal;Integrated Security=True"); 

con.Open(); 

// this is to save my values to sql 
var com = new SqlCommand(@"insert into VoterRegistration (
     SALUTATION, 
     NAME, 
     SEX, 
     ETHNICITY, 
     MARITALSTATUS, 
     ICNUMBER, 
     HPNUMBER, 
     DOB, 
     ADDRESS, 
     STATE, 
     CITY, 
     POSTCODE, 
     VoterPic) VALUES (
     @Salutation, 
     @Name, 
     @Sex, 
     @Ethnicity, 
     @MaritalStatus, 
     @ICNumber, 
     @HPNumber, 
     @Dob, 
     @Address, 
     @State, 
     @City, 
     @PostCode 
     @VoterPic)", con); 

com.CommandType = CommandType.Text; 

com.Parameters.AddWithValue("@Salutation", SALUTATION.Text); 
com.Parameters.AddWithValue("@Name", NAME.Text); 
com.Parameters.AddWithValue("@Sex", SEX.Text); 
com.Parameters.AddWithValue("@Ethnicity", ETHNICITY.Text); 
com.Parameters.AddWithValue("@MaritalStatus", MARITALSTATUS.Text); 
com.Parameters.AddWithValue("@ICNumber", ICNUMBER.Text); 
com.Parameters.AddWithValue("@HPNumber", HPNUMBER.Text); 
com.Parameters.AddWithValue("@Dob", DOB.Text); 
com.Parameters.AddWithValue("@Address", ADDRESS.Text); 
com.Parameters.AddWithValue("@State", STATE.Text); 
com.Parameters.AddWithValue("@City", CITY.Text); 
com.Parameters.AddWithValue("@PostCode", POSTCODE.Text); 

然后，在conv_photo()，你需要通过更换指定的参数类型：

com.Parameters.AddWithValue("@VoterPic", photo_aray); 

为：

com.Parameters.Add("@VoterPic", SqlDbType.VarBinary, photo_aray.Length).Value = photo_aray;