Click here to Skip to main content
14,733,890 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Dear sir\mam

I am fresher web developer in asp.net with C# .I want to show image and save it in a database. This is my code .
But there one Error in this code . Error is that:
("Must declare the scalar variable "@Img".Must declare the scalar variable "@@ImgID" ").
Please help any one and any other simple way of save image and show it.

Thank's in advance

public class ShowIamge : IHttpHandler
{
    SqlConnection con = new SqlConnection();
    SqlCommand cmd = new SqlCommand();
    
    public void ProcessRequest(HttpContext context)
    {
        Int32 Id1;
        if (context.Request.QueryString["ImgID"] != null)
            Id1 = Convert.ToInt32(context.Request.QueryString["ImgID"]);
         else
        throw new ArgumentException("No parameter pecified");           
        context.Response.ContentType ="image/jpeg";
        Stream strm = ShowImage(Id1);
        byte[] buffer = new byte[4096];
        int byteSeq = strm.Read(buffer,0, 4096);
          while (byteSeq > 0)
        {
            context.Response.OutputStream.Write(buffer, 0, byteSeq);
            byteSeq = strm.Read(buffer, 0, 4096);
        }
    }
    public Stream ShowImage (int Id1)
    {
        SqlConnection con = new SqlConnection(); 
con =new SqlConnection("Server=PC-5\\SQLEXPRESS; database=imagedate; Integrated Security=True");  
        string sql =("Select Image From image where ImgID=@Id1");
        cmd = new SqlCommand(sql,con);
        cmd.CommandType=CommandType.Text;   
        cmd.Parameters.AddWithValue("@ImgID",Id1);
        con.Open();     
        object img = cmd.ExecuteScalar();

     try
        {
            return new MemoryStream((byte[])img);
        }
        catch
        {
            return null;
        }
        finally
        {
            con.Close();
        }
    }
  public bool IsReusable
    {
       get
        {
        return false;
        }
   }
 }
 protected void Btnok_Click1(object sender, EventArgs e)
    {
        con = null;
        con = new SqlConnection("Server=PC-5\\SQLEXPRESS; database=imagedate; Integrated Security=True");
        con.Open();
        FileUpload img = (FileUpload)imgUpload;
        Byte[] imgByte = null;
        if (img.HasFile && img.PostedFile != null)
        {
            HttpPostedFile File = imgUpload.PostedFile;
            imgByte = new Byte[File.ContentLength];
            File.InputStream.Read(imgByte, 0, File.ContentLength);
        }
        string sql = "INSERT INTO image (Image) VALUES (@Img) SELECT @@ImgID";
        SqlCommand cmd = new SqlCommand(sql, con);
        cmd.Parameters.AddWithValue("@Image", imgByte);
        //cmd.Parameters.AddWithValue("@name", txtEName.Text);
        int ImgID = Convert.ToInt32(cmd.ExecuteScalar());
        con.Close();
       Image1.ImageUrl = "~/ShowIamge.ashx?ImgID=" + ImgID; 
    }
Posted
Updated 22-Dec-18 7:06am
v2
Comments
Tarun.K.S 28-Dec-10 3:01am
   
Wrap your code with the <pre> </pre> tags.

In order to insert a row into the database and get the newly inserted ID, you need to execute the following steps:

1. Use cmd.ExecuteNonQuery() to execute insert operation (Instead of ExecuteScaler().

2. Execute another SQL statement "SELECT SCOPE_IDENTITY()" and use ExecuteScaler() to get the newly inserted ID.

I would recommend you to create a Stored Procedure to carry out the overall task. Following is a very simple stored procedure which does that:

CREATE PROCEDURE dbo.SAVE_TEMPLATE(
    @Id INT
    , @Name varchar(255)
    , @GeneratedID INT OUTPUT
)
AS
BEGIN
        -- New Record, So insert it into the dbo.Templates
        INSERT INTO dbo.Table (Name)
        VALUES(@Name);
        SET @GeneratedID = SCOPE_IDENTITY();
END


Hope this helps.
   
DEAR I WAS HAVING SAME PROJECT AND SAME ISSUE BUT I SOLVED IT. YOU CAN ALSO TRY COPY AND PASTE MY CODE IN "INSERT BUTTON"
SqlCommand command = new SqlCommand("INSERT INTO  myimages(id,name,description,image)VALUES('" + textBoxID.Text + "','" + textBoxNAME.Text + "','" +textBoxdescription.Text + "',@img) ", connection);
            command.Parameters.Add(new SqlParameter("@img", img));
            connection.Open();
            if(command.ExecuteNonQuery() == 1)
            {
                MessageBox.Show("Data Inserted Successfully");
            } else
           {
               MessageBox.Show("Query not Executed");
           }
           connection.Close();
   
Comments
CHill60 23-Dec-18 17:35pm
   
Reason for my down vote... your code is vulnerable to sql injection attack. Never concatenate strings from user input to create sql queries.
Also, there is no need to SHOUT. Using all capitals is considered to be shouting on internet forums and is rude.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900