1

我有一个数据库表,其中包含两个类型为 varbinary(max) 的字段,用于存储文件。

但是,我无法按预期上传文件。我为这个问题困扰了很长时间,我不确定我能做些什么来解决它。有一条错误消息:

An exception of type 'System.Data.SqlClient.SqlException' occurred in
System.Data.dll but was not handled in user code
Additional information: Incorrect syntax near the keyword 'title'.

我必须在ASP.NET 中实现 3 层架构。

数据访问层

public class Submission { 

  private string _title;
  private byte[] _slides, _codes;

  //Connection string 
  private string _connStr = Properties.Settings.Default.DBConnStr;

  public Submission(string title, byte[] slides, byte[] codes) {
  _title = title;
  _slides = slides;
  _codes = codes;
  }

  //UPLOAD files
  public int SubmissionInsert()
  {
          string queryStr = "INSERT INTO Submission(title,slides,codes)" +
              "VALUES('" +
              _title + "', '" +
              _slides + "', '" +
              _codes + "')";

          SqlConnection con = new SqlConnection(_connStr);
          SqlCommand cmd = new SqlCommand(queryStr, con);

          con.Open();
          int nofRow = 0;
          nofRow = cmd.ExecuteNonQuery();

          con.Close();

          return nofRow;
  }
}

业务逻辑层

public class SubmissionBLL
{
    public string submissionUpload(string title, byte[] slides, byte[] codes)
    {
        string returnValue = "";

        if (title.Length == 0)
            returnValue+= "Title cannot be empty";
        if (slides == null)
            returnValue += "Slides cannot be empty";
        if (codes == null)
            returnValue += "Codes cannot be empty";

        //if there are no errors
        if (returnValue.Length == 0)
        {
            Submission sub = new Submission(title,slides,codes);

            int nofRows = 0;
            nofRows = sub.SubmissionInsert();

            if (nofRows > 0)
                returnValue = "Submission is successful!";
            else
                returnValue = "Submission failure. Please try again.";
        }

        return returnValue;
  }

表示层 - 代码隐藏

 protected void btn_submit_Click(object sender, EventArgs e)
    {
        string input = "";
        byte[] slideArr = null, codeArr= null;

        string strTestFilePath, strTestFileName, strContentType;
        Int32 intFileSize, intFileLength;
        Stream strmStream;

        if (f_codes.HasFile)
        {
                strTestFilePath = f_codes.PostedFile.FileName;
                strTestFileName = Path.GetFileName(strTestFilePath);
                intFileSize = f_codes.PostedFile.ContentLength;
                strContentType = f_codes.PostedFile.ContentType;

                //Convert the source codes file to byte stream to save to database
                strmStream = f_codes.PostedFile.InputStream;
                intFileLength = (Int32)strmStream.Length;
                codeArr = new byte[intFileLength + 1];
                strmStream.Read(codeArr, 0, intFileLength);
                strmStream.Close();

        }

         if (f_slide.HasFile)
        {
                strTestFilePath = f_slide.PostedFile.FileName;
                strTestFileName = Path.GetFileName(strTestFilePath);
                intFileSize = f_slide.PostedFile.ContentLength;
                strContentType = f_slide.PostedFile.ContentType;

                strmStream = f_slide.PostedFile.InputStream;
                intFileLength = (Int32)strmStream.Length;
                slideArr = new byte[intFileLength + 1];
                strmStream.Read(slideArr, 0, intFileLength);
                strmStream.Close();
            }

         //Pass to BLL
         input = sub.submissionUpload(tb_title.Text,slideArr,codeArr);
         //Display error messages
         lbl_message.Text = input;
    }

我尝试使用 IntelliTrace 进行调试,它显示一条消息

ADO.NET:执行非查询“插入提交(标题,幻灯片,代码)VALUES('我的节水项目','System.Byte []','System.Byte []')”

我这样做正确吗?我尝试运行,异常错误仍然存​​在。

string queryStr = "INSERT INTO Submission(title,slides,codes)" + "VALUES('"+
            _title + "', '" +
           "0x" + BitConverter.ToString(_slides).Replace("-", "")+ "', '" +
           "0x" + BitConverter.ToString(_codes).Replace("-", "")  + "')";
4

3 回答 3

1

"0x" + BitConverter.ToString(_slides).Replace("-", "")+ "', '" +

您不应该将字节转换为字符串。相反,您想使用参数化查询(以避免 sql 注入)并将这些字节数组直接插入数据库。

public int SubmissionInsert(string title, byte[] slides, byte[] codes)
{
    int nofRow;
    string query = "INSERT  INTO Submission ( title, slides, codes )" +
                    "VALUES  ( @Title, @Slides, @Codes );";

    using (var con = new SqlConnection(_connStr))
    {
        con.Open();
        using (var cmd = new SqlCommand(query, con))
        {
            cmd.CommandType = CommandType.Text;
            cmd.Parameters.AddWithValue("@Title", title);
            cmd.Parameters.AddWithValue("@Slides", slides);
            cmd.Parameters.AddWithValue("@Codes", codes);
            nofRow = cmd.ExecuteNonQuery();
        }
    }
    return nofRow;
}
于 2015-01-16T20:21:18.490 回答
0

您的问题在于类型转换。如果您将值作为字符串插入(并且您使用的是那些单引号),则需要插入 HEX 值,并在其前面加上 0x。

这应该可以帮助您: "0x" + BitConverter.ToString(byteArray).Replace("-", "")

于 2015-01-16T19:24:14.050 回答
0 
I also got the same error when I am uploading doc USING ADO.NET and Storedproc.

I am using stored proc to upload word file to the table's column type varbinary(max).
There are so many examples with insert query to insert document but my scenario was stored proc. I spent lot of time in figuring out the solution. 

Stored Proc:`Alter PROC [dbo].[usp_GMS_SaveEngagementDocument](
        @pDocumentID INT=0,
        @pEngagementID INT,
        @pDocumentName NVARCHAR(100),
        @pContentType NVARCHAR(100),
        @pDocumentType NVARCHAR(100),
        @pDocumentContent VARBINARY(max)=null,
       @pUserID INT)
AS
BEGIN
--INSERT
END`



SOLUTION:

    param = new SqlParameter();
                param.ParameterName = "@pDocumentContent";
                param.Direction = ParameterDirection.Input;
                param.Value = document.DocumentContent;
                param.DbType = DbType.Binary;
                param.SqlDbType = SqlDbType.Binary;
                paramList.Add(param);



Setting SQLDBType as Binary and DbType as Binary solved my problem In calling stored proc.

END
于 2019-12-13T07:44:02.697 回答