I made a QR code scanner, and when it successfully detects the QR code it shows the decoded value in txtDecode.Text (a textbox) and then shows the data from the database. I want my image to be included when the QR code is detected.

What I have tried:

sqlCon.Open();

String sqlSelectQuery = "SELECT * FROM SMStocksTb WHERE SmStockCode = " + int.Parse(txtDecode.Text);
SqlCommand cmd = new SqlCommand(sqlSelectQuery, sqlCon);
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
lblID.Text = (dr["SmStockId"].ToString());
lblCode.Text = (dr["SmStockCode"].ToString());
lblName.Text = (dr["SmStockName"].ToString());
lblQty.Text = (dr["SmStockQty"].ToString());
lblSize.Text = (dr["SmStockSize"].ToString());
lblLength.Text = (dr["SmStockLength"].ToString());

}
sqlCon.Close();
Updated 17-Jul-18 4:44am
Comments
Richard MacCutchan 17-Jul-18 9:42am    
What is the problem?
Richard Deeming 17-Jul-18 11:25am    
String sqlSelectQuery = "SELECT * FROM SMStocksTb WHERE SmStockCode = " + int.Parse(txtDecode.Text);


Don't do it like that.

In this specific instance, since the parameter is parsed as an integer, you're safe. But writing code like that can and will lead to SQL Injection vulnerabilities. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange
Query Parameterization Cheat Sheet | OWASP

string sqlSelectQuery = "SELECT * FROM SMStocksTb WHERE SmStockCode = @SmStockCode";
using (SqlCommand cmd = new SqlCommand(sqlSelectQuery, sqlCon))
{
    cmd.Parameters.AddWithValue("@SmStockCode", int.Parse(txtDecode.Text));
    
    using (SqlDataReader dr = cmd.ExecuteReader())
    {
        if (dr.Read())
        {
           ...
        }
    }
}


NB: int.Parse will throw an exception if the user hasn't typed in an integer. You probably want to use int.TryParse instead, which will let you report a problem to the user if the text isn't a valid integer.
Member 13894029 17-Jul-18 19:14pm    
I'll change it right away, thank you @Richard Deeming for the tip.

1 solution

Try this (where you replace SmImageColumnName with the actual column name)...

using System.Drawing;
using System.IO;

byte[] imageBytes = dr["SmImageColumnName"] as byte[]; // null when the column is DBNull

if (imageBytes != null)
{
    // Image.FromStream needs its stream to stay open for the image's lifetime,
    // so copy the decoded image into a new Bitmap before the MemoryStream is disposed.
    using (var stream = new MemoryStream(imageBytes))
    using (var decoded = Image.FromStream(stream))
        pictureBox.Image = new Bitmap(decoded);
}
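Putting Richard Deeming's comment (parameterized query, int.TryParse) and the answer above (loading the image bytes) together, here is a complete version of the scan handler as an added example; it is not code from the question or from either answerer. It assumes the form controls and column names from the question, a hypothetical varbinary(MAX) column named SmStockImage, a placeholder connection string, and the classic System.Data.SqlClient provider:

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Drawing;
using System.IO;
using System.Windows.Forms;

// Added example, not the original poster's or answerers' code. The controls
// (txtDecode, lblID, lblCode, lblName, lblQty, lblSize, lblLength, pictureBox)
// are assumed to be declared in the form's designer file; the image column
// SmStockImage is a hypothetical name.
public partial class StockForm : Form
{
    // Placeholder; in practice load the connection string from configuration.
    private const string ConnectionString = "<CONNECTION STRING PLACEHOLDER>";

    // Called once the QR scanner has written the decoded text into txtDecode.
    private void LoadStockFromDecodedCode()
    {
        // 1. Validate first: int.TryParse never throws, so a mis-scanned QR code
        //    (letters, empty string) is reported to the user instead of crashing.
        int stockCode;
        if (!int.TryParse(txtDecode.Text, out stockCode))
        {
            MessageBox.Show("The scanned code is not a valid stock number.");
            return;
        }

        // 2. The value travels as a typed parameter, never as part of the SQL text.
        //    Naming the columns also documents what the form actually uses.
        const string sql =
            "SELECT SmStockId, SmStockCode, SmStockName, SmStockQty, " +
            "SmStockSize, SmStockLength, SmStockImage " +
            "FROM SMStocksTb WHERE SmStockCode = @SmStockCode";

        using (var sqlCon = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, sqlCon))
        {
            // An explicit SqlDbType avoids AddWithValue inferring the type from
            // the .NET value, which can cause implicit conversions server-side.
            cmd.Parameters.Add("@SmStockCode", SqlDbType.Int).Value = stockCode;

            sqlCon.Open();
            using (SqlDataReader dr = cmd.ExecuteReader(CommandBehavior.SingleRow))
            {
                if (!dr.Read())
                {
                    MessageBox.Show("No stock item with code " + stockCode + ".");
                    return;
                }

                lblID.Text = dr["SmStockId"].ToString();
                lblCode.Text = dr["SmStockCode"].ToString();
                lblName.Text = dr["SmStockName"].ToString();
                lblQty.Text = dr["SmStockQty"].ToString();
                lblSize.Text = dr["SmStockSize"].ToString();
                lblLength.Text = dr["SmStockLength"].ToString();

                // 3. 'as byte[]' yields null for DBNull, so a row without a
                //    picture clears the box instead of throwing.
                byte[] imageBytes = dr["SmStockImage"] as byte[];
                ShowImage(imageBytes);
            }
        }
    }

    // Displays a picture from raw bytes. Image.FromStream requires its stream to
    // stay open for the image's lifetime, so the decoded image is copied into a
    // new Bitmap before the MemoryStream is disposed. The previous image is
    // disposed so repeated scans do not leak GDI handles.
    private void ShowImage(byte[] imageBytes)
    {
        Image previous = pictureBox.Image;
        pictureBox.Image = null;
        if (previous != null)
            previous.Dispose();

        if (imageBytes == null || imageBytes.Length == 0)
            return;

        try
        {
            using (var stream = new MemoryStream(imageBytes))
            using (var decoded = Image.FromStream(stream))
            {
                pictureBox.Image = new Bitmap(decoded);
            }
        }
        catch (ArgumentException)
        {
            // Image.FromStream throws ArgumentException when the bytes are not
            // a recognised image format (e.g. a corrupted or non-image blob).
            MessageBox.Show("The stored image could not be displayed.");
        }
    }
}
```

Two points worth noting beyond the comment thread: `cmd.Parameters.Add(name, SqlDbType).Value = ...` is preferred over `AddWithValue` because the parameter type is then fixed by the code rather than inferred from the runtime value, and the `new Bitmap(decoded)` copy is what lets the `MemoryStream` be disposed safely, since GDI+ may read from the stream again after `Image.FromStream` returns.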
 
Share this answer
 
v2
Comments
Member 13894029 17-Jul-18 11:13am    
@Eric Lynch thank you very much, it worked! :)
Eric Lynch 17-Jul-18 12:19pm    
You're very welcome. I also suggest checking out Richard Deeming's comment to your question. Otherwise, your application is potentially a very easy target for hackers.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900