Click here to Skip to main content
15,881,852 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
how can i retrieve pdf files in sql database in

i cant open the pdf files in the sql database using the code

What I have tried:

This is the code. pls help.

Private Sub Btn_view_Click(sender As Object, e As EventArgs) Handles Btn_view.Click
            cmd.Connection = con
            cmd.CommandText = "SELECT * FROM tbl_saln WHERE SALN_ID = " & DGV_SALN.CurrentRow.Cells(0).Value
            adapter.SelectCommand = cmd

            With PDF
                .AxAcroPDF1.src = Application.StartupPath & "\HRIS_PDF\" & table.Rows(0).ItemArray("PDFNAME")
            End With

        Catch ex As Exception
        End Try

    End Sub
Updated 28-Jan-23 23:22pm
Member 15627495 29-Jan-23 3:56am    
            With PDF
                .Show() // too early
                .AxAcroPDF1.src = Application.StartupPath & "\HRIS_PDF\" & table.Rows(0).ItemArray("PDFNAME") 
            End With

            With PDF
                     .AxAcroPDF1.src = Application.StartupPath & "\HRIS_PDF\" & table.Rows(0).ItemArray("PDFNAME") // it's better with src set before .show and .focus

            End With

1 solution

First off, don't do it like that: Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
A perfectly valid "delete the table" command
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?

Secondly, Connections, Commands, and DataAdapters should be Disposed when you are finished with them. THe simplest solution is not to try recycling them as global or class level variables but to create them as needed inside a Using block. That way, when they go out of scope, they are automatically Closed and Disposed.
Your code Disposes of the DataAdapter, but doesn't recreate it - so it'll fail the second time you try to use it with a "Cannot access a disposed object" error.

THe rest of it, we can't tell: we have no access to your DB or your code while it is running - and you need both to even begin working out what the problem might be.
So, it's going to be up to you.
Fortunately, you have a tool available to you which will help you find out what is going on: the debugger. If you don't know how to use it then a quick Google for "Visual Studio debugger" should give you the info you need.

Put a breakpoint on the first line in the function, and run your code through the debugger. Then look at your code, and at your data and work out what should happen manually. Then single step each line checking that what you expected to happen is exactly what did. When it isn't, that's when you have a problem, and you can back-track (or run it again and look more closely) to find out why.

Sorry, but we can't do that for you - time for you to learn a new (and very, very useful) skill: debugging!
Share this answer

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900