The only way you will get a null reference there is to not assign anything to the
cmd
- and your code doesn't.
You create a command string:
strSqlCommand = "instert into demo(id,img) values(1," + photo + ")";
but you don't do anything with it. (and you can't spell "insert" :laugh: )
So try:
strSqlCommand = "INSERT INTO demo (id,img) values(1," + photo + ")";
cmd = new SqlCommand(strSqlCommand, con);
int rowAffected = cmd.ExecuteNonQuery();
But please, don't do it that way! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead:
strSqlCommand = "INSERT INTO demo (id,img) values(1,@PH)";
cmd = new SqlCommand(strSqlCommand, con);
cmd.Parameters.AddWithValue("@PH", photo);
int rowAffected = cmd.ExecuteNonQuery();