Databases
StackOverflow2013
Postsdbo
PO
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    text
    copied!<p>The first part of the answer is, avoid dynamic SQL if you can. You're using "... VALUES ('"+type+"','"+filename+"'"+data+")" when you should be using "... VALUES (?, ?, ?)".</p> <p>Then, add the parameters using, for instance,</p> <pre><code>// sample: the name of the parameter (here @Type) can be anything, and the type and length should match your schema. broadcastCommand.Parameters.Add("@Type", OleDbType.VarChar, 10).Value = type; </code></pre> <p>The question marks will be replaced by the parameters in the order you specify them, so you should add type, then filename, then data, in that order.</p> <p>Now, the value you specify should ALSO correspond to the type of field you are inserting into. So instead of String, String, String, you might want your variables to be of type String, String, byte[].</p> <p>There are about a million reasons not to construct your queries dynamically, so I would recommend studying up on how to use the Parameters collection on your OdbcCommand. Start <a href="http://msdn.microsoft.com/en-us/library/system.data.odbc.odbcparameter" rel="nofollow">here</a>.</p> <p><strong>UPDATE</strong></p> <p>In general you can get <code>DataReader</code> values simply by using the indexer [], without needing to go through the <code>GetXXX()</code> methods. For byte arrays, that's usually simpler, because you don't need to know or try to guess the length beforehand.</p> <p>You can convert your code to use indexers this way:</p> <pre><code>String type = (string)DbReader[0]; String filename = (string)DbReader[1]; byte[] data = (byte[])DbReader[2]; </code></pre> <p>Note that your <code>GetBytes()</code> call originally had a 1 in there, but I assume you aren't trying to get the bytes of the filename field. So, if your <code>byte[]</code> data is in another field, use that instead. Be aware, however, that you could also use the string field names just as easily (and it might be clearer the next time you need to read the code):</p> <pre><code>String type = (string)DbReader["type"]; // replace with whatever your fields are actually called String filename = (string)DbReader["filename"]; byte[] data = (byte[])DbReader["data"]; </code></pre> <p>On the off-chance you had <code>filename</code> and <code>data</code> both using the same field because <code>data</code> isn't actually in the database and instead you want to take the filename and read that filesystem object in as your data for the insert query, you'll need to use a different method. </p> <pre><code>byte[] data = System.IO.File.ReadAllBytes(filename); // requires .NET 2.0+ </code></pre> <p>Either way you fill your variables, insert them with a parameterized query as explained above.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload