Click here to Skip to main content
15,881,600 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Dear All,
Upload multiple images using asp.net

Here uploading with images working properly but select one image not working please reply me any another way or examples.

C#
protected void btnPostAd_Click(object sender, EventArgs e)
    {
        if (ddlCategoryType.SelectedItem.Text != "--Select--")
        {
            if (FileUpload1.PostedFile.ContentLength != 0 && FileUpload2.PostedFile.ContentLength != 0)
            {
                string strimage = @"~\ProductImage\" + FileUpload1.FileName;
                string strimage2 = @"~\ProductImage\" + FileUpload2.FileName;
                FileUpload1.PostedFile.SaveAs(Server.MapPath(strimage));
                FileUpload2.PostedFile.SaveAs(Server.MapPath(strimage2));
                SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
                String strInsert = "insert into ProductDetailsTable1(CategoriesType,Title,Description,State,City,ContactPhoto,ContactSPhoto,Price,ContactName,ContactEmail,ContactMobile) values('" + ddllist.Text + "','" + txtTitle.Text + "','" + txtDescription.Text + "','" + ddlState.SelectedItem.Text + "','" + ddlCity.SelectedItem.Text + "','" + strimage + "','" + strimage2 + "','" + txtPrice.Text + "','" + txtContactName.Text + "','" + txtContactEmail.Text + "','" + txtContactMobile.Text + "',)";
                SqlCommand cmd = new SqlCommand(strInsert, con);
                try
                {
                    con.Open();
                    cmd.ExecuteNonQuery();
                    
                    ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Posted Successfully')", true);
                    
                }
                catch (SqlException ex)
                {
                    string errorMessage = "Error in entering competition";
                    errorMessage += ex.Message;
                    throw new Exception(errorMessage);
                }
                finally
                {
                    con.Close();
                }
                Clear();
            }
            else
            {
                    string strimage = "NoImage.jpg";
                    string strimage2 = "NoImage.jpg";
                    SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
                    String strInsert = "insert into ProductDetailsTable1(CategoriesType,Title,Description,State,City,ContactPhoto,ContactSPhoto,Price,ContactName,ContactEmail,ContactMobile) values('" + ddllist.Text + "','" + txtTitle.Text + "','" + txtDescription.Text + "','" + ddlState.SelectedItem.Text + "','" + ddlCity.SelectedItem.Text + "','" + strimage + "','" + strimage2 + "','" + txtPrice.Text + "','" + txtContactName.Text + "','" + txtContactEmail.Text + "','" + txtContactMobile.Text + "')";
                    SqlCommand cmd = new SqlCommand(strInsert, con);
                    try
                    {
                        con.Open();
                        cmd.ExecuteNonQuery();
                        
                        ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Posted Successfully')", true);
                        
                    }
                    catch (SqlException ex)
                    {
                        string errorMessage = "Error in entering competition";
                        errorMessage += ex.Message;
                        throw new Exception(errorMessage);
                    }
                    finally
                    {
                        con.Close();
                    }
                    Clear();
                }
        }
        else
        {
            ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Select CategoryType')", true);
        }
    }}
Posted
Updated 16-Sep-14 6:05am
v4
Comments
[no name] 15-Sep-14 7:55am    
Learn how to use the debugger and you will see what the problem is. And you should do some research on SQL injection attacks and why your query is bad.
Suvabrata Roy 15-Sep-14 7:59am    
Yes Wes, and also on coding stander
member1431 15-Sep-14 8:01am    
Dear Adey,
here in database fields given contactphoto and contactsphoto

and here storing sepearetely, with images working properly but with one image and without image not storing


here sql query working fine please check and reply me please Adey
member1431 15-Sep-14 8:04am    
any examples reply me
@p@richit 15-Sep-14 8:00am    
keep in mind that adding the argument directly in the query is a bad practice and makes code vulnarable to attacks (SQL injections for example)

try this

HttpFileCollection hfc = Request.Files;
 for (int i = 0; i < hfc.Count; i++)
       {
           HttpPostedFile hpf = hfc[i];
           if (hpf.ContentLength > 0)
           {
               string FileName = hpf.FileName;
                   hpf.SaveAs(SavePath + "\\" + Path.GetFileName(FileName));

           }
           }



HttpFileCollection Provides access to and organizes files uploaded by a client.
 
Share this answer
 
v2
Just Copy & Paste This code on Your Page .. Defiantly it will Run

C#
if (ddlCategoryType.SelectedItem.Text != "--Select--")
        {
            string strimage2 = "NoImage.jpg";
            string strimage = "NoImage.jpg";
            if (FileUpload1.PostedFile.ContentLength != 0)
            {
                strimage= @"~\ProductImage\" + FileUpload1.FileName;
                FileUpload1.PostedFile.SaveAs(Server.MapPath(strimage));
            }
            if (FileUpload2.PostedFile.ContentLength != 0 ) 
            {
                strimage2 = @"~\ProductImage\" + FileUpload2.FileName;
                FileUpload1.PostedFile.SaveAs(Server.MapPath(strimage2));

            }
            if(FileUpload1.HasFile || FileUpload2.HasFile)
            {
                SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
                String strInsert = "insert into ProductDetailsTable1(CategoriesType,Title,Description,State,City,ContactPhoto,ContactSPhoto,Price,ContactName,ContactEmail,ContactMobile) values('" + ddllist.Text + "','" + txtTitle.Text + "','" + txtDescription.Text + "','" + ddlState.SelectedItem.Text + "','" + ddlCity.SelectedItem.Text + "','" + strimage + "','" + strimage2 + "','" + txtPrice.Text + "','" + txtContactName.Text + "','" + txtContactEmail.Text + "','" + txtContactMobile.Text + "',)";
                SqlCommand cmd = new SqlCommand(strInsert, con);
                try
                {
                    con.Open();
                    cmd.ExecuteNonQuery();

                    ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Posted Successfully')", true);

                }
                catch (SqlException ex)
                {
                    string errorMessage = "Error in entering competition";
                    errorMessage += ex.Message;
                    throw new Exception(errorMessage);
                }
                finally
                {
                    con.Close();
                }
                
            }
            else
            {
                 
                SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
                String strInsert = "insert into ProductDetailsTable1(CategoriesType,Title,Description,State,City,ContactPhoto,ContactSPhoto,Price,ContactName,ContactEmail,ContactMobile) values('" + ddllist.Text + "','" + txtTitle.Text + "','" + txtDescription.Text + "','" + ddlState.SelectedItem.Text + "','" + ddlCity.SelectedItem.Text + "','" + strimage + "','" + strimage2 + "','" + txtPrice.Text + "','" + txtContactName.Text + "','" + txtContactEmail.Text + "','" + txtContactMobile.Text + "')";
                SqlCommand cmd = new SqlCommand(strInsert, con);
                try
                {
                    con.Open();
                    cmd.ExecuteNonQuery();

                    ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Posted Successfully')", true);

                }
                catch (SqlException ex)
                {
                    string errorMessage = "Error in entering competition";
                    errorMessage += ex.Message;
                    throw new Exception(errorMessage);
                }
                finally
                {
                    con.Close();
                }
            }
        }
        else
        {
            ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Select CategoryType')", true);
        }
 
Share this answer
 
Comments
Richard Deeming 16-Sep-14 9:04am    
You've copied the SQL Injection[^] vulnerability from the OP's code.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900