See more: SQL-server-2005 C# XML
How can we insert an image into SQL Server 2005 from XML through a C# GUI?

When we tried to insert the image, the following error was shown:
"Input string was not in correct format."

Our code is:
 
{
    try
    {
        string connetionString = null;
        SqlConnection connection;
        SqlCommand command;
        SqlDataAdapter adpter = new SqlDataAdapter();
        DataSet ds = new DataSet();
        XmlReader xmlFile;
        string sql = null;
        string regno = null;
        string name = null;
        string wife = null;
        string child1 = null;
        string child2 = null;
        string child3 = null;
        string child4 = null;
        string child5 = null;
        double phone_no = 0;
        string address = null;
        string add_info = null;
        string place = null;
        string email = null;
        string amem = null;
        int contri = 0;
        string laup = null;
        byte img = 0;
        connetionString = "data source=.\\SQLEXPRESS;initial catalog=prince;integrated security=true";
        connection = new SqlConnection(connetionString);
        // Load the whole XML file into a DataSet; each record becomes a row of Tables[0].
        xmlFile = XmlReader.Create("C:\\Xml Folder\\ChurchXml Folder\\church.xml", new XmlReaderSettings());
        ds.ReadXml(xmlFile);
        int i = 0;
        connection.Open();
        for (i = 0; i <= ds.Tables[0].Rows.Count - 1; i++)
        {
            // Fields are read by position, so the XML element order must match.
            regno = Convert.ToString(ds.Tables[0].Rows[i].ItemArray[0]);
            name = Convert.ToString(ds.Tables[0].Rows[i].ItemArray[1]);
            wife = Convert.ToString(ds.Tables[0].Rows[i].ItemArray[2]);
            child1 = Convert.ToString(ds.Tables[0].Rows[i].ItemArray[3]);
            child2 = Convert.ToString(ds.Tables[0].Rows[i].ItemArray[4]);
            child3 = Convert.ToString(ds.Tables[0].Rows[i].ItemArray[5]);
            child4 = Convert.ToString(ds.Tables[0].Rows[i].ItemArray[6]);
            child5 = Convert.ToString(ds.Tables[0].Rows[i].ItemArray[7]);
            phone_no = Convert.ToDouble(ds.Tables[0].Rows[i].ItemArray[8]);
            address = Convert.ToString(ds.Tables[0].Rows[i].ItemArray[9]);
            add_info = Convert.ToString(ds.Tables[0].Rows[i].ItemArray[10]);
            place = Convert.ToString(ds.Tables[0].Rows[i].ItemArray[11]);
            email = Convert.ToString(ds.Tables[0].Rows[i].ItemArray[12]);
            amem = Convert.ToString(ds.Tables[0].Rows[i].ItemArray[13]);
            contri = Convert.ToInt32(ds.Tables[0].Rows[i].ItemArray[14]);
            laup = Convert.ToString(ds.Tables[0].Rows[i].ItemArray[15]);
            img = Convert.ToByte(ds.Tables[0].Rows[i].ItemArray[16]);
            // The INSERT text is built by concatenating the XML values, with no column list.
            sql = "insert into church values(" + "'" + regno + "'," + "'" + name + "'," + "'" + wife + "'," + "'" + child1 + "'," + "'" + child2 + "'," + "'" + child3 + "'," + "'" + child4 + "'," + "'" + child5 + "'," + phone_no + ",'" + address + "'," + "'" + add_info + "'," + "'" + place + "'," + "'" + email + "'," + "'" + amem + "'," + contri + ",'" + laup + "'," + img + ")";
            command = new SqlCommand(sql, connection);
            adpter.InsertCommand = command;
            adpter.InsertCommand.ExecuteNonQuery();
        }
        connection.Close();
        MessageBox.Show("Done .. ");
    }
    catch (Exception ee)
    {
        MessageBox.Show(ee.Message);
    }
}

Posted 1-Feb-12 5:07am

1 solution


Solution 1

Looking at your code, I'm concerned that you have left yourself wide open to a SQL Injection attack. Although it's traditionally associated with web sites, forms applications are equally vulnerable. You really need to have a read of SQL Injection Attacks and Some Tips on How to Prevent Them by Colin Mackay to get a deeper understanding of them.
 
One thing that I would question, as well, is whether you have all the fields you need for the church table. As you don't explicitly say what columns you are expecting, your query will attempt to insert the fields you specify into that table, in exactly the order you specified them. So, for instance, if you have an identity column, you'll actually be attempting to insert a string (regno) into that column.
Comments
thatraja at 1-Feb-12 11:29am
   
Right, 5!
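
The two points raised in Solution 1 (values concatenated into the SQL text, and an INSERT without a column list), shown in corrected form as an added example that is not part of the original question or answer. The column names, the XML element names used as row keys, the column types and sizes, and the Base64 encoding of the image element are all assumptions, since the page does not show the table or the XML; only four columns are shown and the rest follow the same pattern.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class ChurchImport
{
    // Explicit column list: each value goes to a named column, so an identity
    // or reordered column cannot silently receive the wrong field.
    // Column names are assumed for illustration.
    const string InsertSql =
        "INSERT INTO church (regno, name, contri, img) " +
        "VALUES (@regno, @name, @contri, @img)";

    // rows: the table loaded by DataSet.ReadXml; returns the number of rows inserted.
    public static int Import(DataTable rows, string connectionString)
    {
        int inserted = 0;
        using (SqlConnection connection = new SqlConnection(connectionString))
        using (SqlCommand command = new SqlCommand(InsertSql, connection))
        {
            // Typed parameters travel separately from the SQL text, so a quote
            // or semicolon inside an XML value cannot change the statement.
            command.Parameters.Add("@regno", SqlDbType.NVarChar, 50);
            command.Parameters.Add("@name", SqlDbType.NVarChar, 100);
            command.Parameters.Add("@contri", SqlDbType.Int);
            command.Parameters.Add("@img", SqlDbType.VarBinary, -1); // -1 = varbinary(max)

            connection.Open();
            foreach (DataRow row in rows.Rows)
            {
                int contri;
                if (!int.TryParse(Convert.ToString(row["contri"]), out contri))
                    continue; // malformed number in the XML: skip the row instead of throwing

                // Assumption: the image element holds Base64 text, not a single byte.
                string encoded = Convert.ToString(row["img"]);
                object image = DBNull.Value;
                if (!string.IsNullOrEmpty(encoded))
                    image = Convert.FromBase64String(encoded); // FormatException if not Base64

                command.Parameters["@regno"].Value = Convert.ToString(row["regno"]);
                command.Parameters["@name"].Value = Convert.ToString(row["name"]);
                command.Parameters["@contri"].Value = contri;
                command.Parameters["@img"].Value = image;
                inserted += command.ExecuteNonQuery();
            }
        }
        return inserted;
    }
}
```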

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 27 Mar 2013
Copyright © CodeProject, 1999-2014