在asp.net Web应用程序(不是MVC)中,我只是尝试从数据库存储和获取图像,我希望图像存储完美,但在检索时,我只看到一个空框。 让我给出下面的代码
aspx 文件
<asp:Content ID="Content2" ContentPlaceHolderID="MainContent" runat="server">
<%--<img runat="server" id ="im" src="./"/>--%>
<asp:Image runat="server" id="imm" height="500px" Width="500px"/>
</asp:Content>
aspx.cs 文件
public partial class Dashboard : System.Web.UI.Page
{
MySqlConnection connection;
byte[] fileBytes;
string connectionString;
protected void Page_Load(object sender, EventArgs e)
{
string connectionString = "server=localhost;user=root;password=root;database=eshopping;";
MySqlConnection connection = new MySqlConnection(connectionString);
string query = "SELECT image FROM products WHERE id=3";
MySqlCommand command = new MySqlCommand(query, connection);
try
{
connection.Open();
// Execute the query to fetch the image data
object imageData = command.ExecuteScalar();
if (imageData != null)
{
// Convert the binary image data to a base64-encoded string
string base64String = Convert.ToBase64String((byte[])imageData);
// Set the src attribute of the im element with the base64-encoded string
imm.ImageUrl = "data:image/jpeg;base64," + base64String;
}
}
catch (Exception ex)
{
// Handle any exceptions
// For example, you can log the error or display a message to the user
System.Console.WriteLine(ex.ToString());
}
finally
{
// Close the database connection
connection.Close();
}
}
}
下面是我存储图像的方式,我在这里犯了什么错误吗?
protected void btnUpload_Click(object sender, EventArgs e)
{
string name = Name.Text;
string price = TextBox1.Text;
string quantitqnty = TextBox2.Text;
string description = dis.Value.ToString();
if (fileUploadImage.HasFile && price!="" && quantitqnty!="" && description !="")
{
fileBytes = fileUploadImage.FileBytes;
string query = "insert into products (name,price,quantity,discription,image) values ('"+name+"','"+price+"','"+quantitqnty+"','"+description+"','"+fileBytes+"')";
MySqlCommand command = new MySqlCommand(query, connection);
connection.Open();
command.ExecuteNonQuery();
connection.Close();
ScriptManager.RegisterStartupScript(this, this.GetType(), "alert", "alert('Image Selected to upload');", true);
Name.Text = "";
TextBox1.Text = "";
TextBox2.Text = "";
dis.Value = "";
Response.Redirect(Request.Url.AbsoluteUri);
}
else
{
ScriptManager.RegisterStartupScript(this, this.GetType(), "alert", "alert('Select a image');", true);
}
}
当我在 sql workbench 中看到数据时,它只是将其显示为 BLOB
我不能对插入命令的字节数组使用字符串连接。
因此,您应该使用参数安全 SQL 来防止 SQL 注入,但更重要的是要确保保存字节数组。
将字节数组直接放入字符串中以用于插入命令?
在大多数情况下不起作用,因为此类二进制数据通常具有表示“字符串结尾”的字符,例如 ctrl-z,甚至是表示空终止字符串的 char(0)。因此,您不能使用简单的字符串将二进制数据插入数据库。
因此,请使用该插入的参数。
这是航空代码,但应该很接近:
protected void btnUpload_Click(object sender, EventArgs e)
{
if (fileUploadImage.HasFile && price != "" && quantitqnty != "" && description != "")
{
byte[] fileBytes = fileUploadImage.FileBytes;
string query =
@"insert into products (name,price,quantity,discription,image)
values (@name, @price,@qty,@descript, @fileBytes)";
using (MySqlConnection conn = new MySqlConnection(Properties.Settings.Default.MyDB))
{
conn.Open();
using (MySqlCommand cmdSQL = new MySqlCommand(query, conn))
{
cmdSQL.Parameters.Add("@name", MySqlDbType.String).Value = Name.Text;
cmdSQL.Parameters.Add("@price", MySqlDbType.Decimal).Value = TextBox1.Text;
cmdSQL.Parameters.Add("@qty", MySqlDbType.Int32).Value = TextBox2.Text;
cmdSQL.Parameters.Add("@descript", MySqlDbType.String).Value = dis.Value.ToString();
cmdSQL.Parameters.Add("@fileBytes", MySqlDbType.Blob).Value = fileBytes;
cmdSQL.ExecuteNonQuery();
}
}
// ScriptManager.RegisterStartupScript(this, this.GetType(), "alert", "alert('Image Selected to upload');", true);
//Name.Text = "";
//TextBox1.Text = "";
//TextBox2.Text = "";
//dis.Value = "";
// above code makes ZERO sennse if you going to have a redirect
// (and above code will never run with a re-direct anyway)
Response.Redirect(Request.Url.AbsoluteUri);
}
}