Missing operator in query expression 'system.byte[]'

Question

1.00/5 (1 vote)

See more:

what is the operator for byte[] in query?
i know single quotes' ' for string, hashtag # # for date so what for byte[] array
I have c# form with access database and i try update image passing it as byte []

What I have tried:

i could insert it using tableAdapter newRow like

NewRow.Add["column name"]=image;

but i need to make update of it in certain row matches certain WHERE condition????

Posted 12-Mar-22 13:28pm

Ism Oss

Updated 12-Mar-22 18:48pm

v2

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Dave Kreskowiak · Accepted Answer · 2022-03-12T18:48:00

Solution 1

Since we have no idea what your query looks like, it's pretty much impossible to give you a definitive answer to anything.

But, I will say this. You should not be using a byte array in a WHERE clause.

Posted 12-Mar-22 18:48pm

Dave Kreskowiak

Comments

Ism Oss 13-Mar-22 15:19pm

byte[] image=imagetobyte(picturebox1.Image);

String sqltext="update [table] set [column]="+image+" where id='"+Textbox1.Text+"'";

Note:imagetobyte() is own method

Dave Kreskowiak 13-Mar-22 15:49pm

Do not do it like that. Use parameterized queries only.

I'm typing this from memory, so it may not compile without fixes.

string sqltext = "UPDATE [table] set [column]=? WHERE id=?";

// These must be added in the order they appear in the query string OleDbParameter imageParameter = new OleDbParameter("@image", OleDbType.VarBinary, image.Length);
parameter.Value = command.Parameters.Add(imageParameter);

// This is a bad idea. You're not vetting the value of the TextBox before using it.
command.Parameters.AddWithValue("@id", TextBox1.Text);

Ism Oss 13-Mar-22 20:13pm

still have -> Additional information: Syntax error (missing operator) in query expression 'System.Byte[]'.

my code->
using (OleDbCommand cmdimage = new OleDbCommand("update PatientVisit set Barcode = "+ Exportimage+" where DNo =" + Convert.ToInt32(DNo.Text) + " and VDate like '" + VDate.Text + "'",helper.con))
{
cmdimage.Parameters.Add("Barcode",OleDbType.VarBinary);
cmdimage.Parameters["Barcode"].Value = Exportimage;

cmdimage.ExecuteNonQuery();

}

also tried AddWithValue

Dave Kreskowiak 13-Mar-22 21:21pm

Same thing. PARAMETERIZED QUERIES.

What you're doing to build a SQL query is called "string concatenation" and it's the number one cause of SQL errors and the destruction of databases. Google for "SQL Injection Attack" to see why.

You may have added parameter objects, but you failed to use parameters in the actual query statement.

string query = "UPDATE PatientVisit SET Barcode=? WHERE DNo=? AND VDate=?";
// NEVER store dates as Text!!
using (OleDbCommand cmd = new OldDbCommand(query, helper.con))
{
    // You cannot use AddWithValue with a binary type.
    cmd.Parameters.Add("Barcode",OleDbType.VarBinary);
    cmd.Parameters["Barcode"].Value = Exportimage;

    // Again, you MUST verify user input before using it!
    // Treat it like the spawn of Satan that it is.
    int dno;
    bool success = int.TryParse(DNo.Text, out dno);
    if (success)
    {
        cmd.Parameters.AddWithValue("@dno", dno);
    }
    
    DateTime vdate;
    success &= DateTime.TryParse(VDate.Text, out vdate);
    if (success)
    {
        cmd.Parameters.AddWithValue("@VDate", vdate);
    }

    if (success)
    {
        cmd.ExecuteNonQuery();
    }
    else
    {
        // Parsing failed somewhere so you're not executing the query.
    }
}

Ism Oss 14-Mar-22 20:30pm

thanks this worked with me