tags:

views:

9

answers:

1
Q: 

how to place images into sql server 2005

I have written the following code to place the image path into sql server 2005 but its not working is their any alternate way to place images into sql server from clientside application.

example.html

<form id="addresslistingform">
                  <fieldset id="fieldset1"><legend>Address for listing</legend>
                Zipcode:<br/>
                  <input size="30" type="text" id="zipcode"/><br/>
                Street No:<br/>
                  <input size="30" type="text" id="addstreetno" class="number" name="streetno"/><br/>
                Street Name:<br/> 
                  <input size="30" type="text" id="addstreetname" class="required" name="streetname"/><br/>                            
                Upload a couple of pictures:<br>
              <input size="30" type="file" id="addpicture"/> <br>                 
              </fieldset>

             <input id="Addresslisting" type="image" src="images/Submit.png" align="left"  />                   
 </form>

example.js

    $("#Addresslisting").click(function() {
       var zipcode = ($("#addzipcode").val());
        var streetno = ($("#addstreetno").val());
        var streetname = ($("#addstreetname").val());
        var image = ($("#addpicture").val());
         var submitaddress = "{\"zipcode\":\"" + zipcode + "\",\"streetnumber\":\"" + streetno + "\",\"streetname\":\"" + streetname + "\",\"streetname\":\"" + streetname + "\",\"Imagelocation\":\"" + image + "\"}";
            $.ajax({
                type: "POST",
                url: "/exampleproject/Afterlogin.asmx/addresslisting",
                data: submitaddress,
                contentType: "application/json; charset=utf-8",
                success: ajaxSucceed,
                dataType: "json",
                failure: ajaxFailed
            });

});

asmx webservices file

[WebMethod(EnableSession = true)]
    [ScriptMethod(ResponseFormat = ResponseFormat.Json)]
    public bool addresslisting(string zipcode, string streetnumber, string streetname,  string Imagelocation)
    {
        SqlConnection con = new SqlConnection();
        con.ConnectionString = "";
        con.Open();

        SqlCommand sqlcom = new SqlCommand();//declaring a new command
        sqlcom.CommandText = "insert into Address_Listing(Zip_Code,Street_Number,Street_Name,Image_Location) values ('" + zipcode + "','" + streetnumber + "','" + streetname + "',  '" + Imagelocation + "')"; //query for inserting data into contact table
        sqlcom.Connection = con;//connecting to database

        try
        {
            int success = sqlcom.ExecuteNonQuery();
            con.Close();

            if (success > 0)
            {
                return true;
            }
            else
            {
                return false;
            }
        }
        catch (Exception e)
        {
            con.Close();
            return false;
        }


    }
+1  A: 

FYI, there are a number of problems with your code. It should be more like this:

public bool addresslisting(string zipcode, string streetnumber, string streetname, string Imagelocation)
{
    using (SqlConnection con = new SqlConnection())
    {
        con.ConnectionString = "";
        con.Open();

        using (SqlCommand sqlcom = new SqlCommand())
        {
            sqlcom.CommandText =
                string.Format(
                    "insert into Address_Listing(Zip_Code,Street_Number,Street_Name,Image_Location) " +
                    "values ('{0}','{1}','{2}',  '{3}')",
                    zipcode, streetnumber, streetname, Imagelocation);
            sqlcom.Connection = con;

            int success = sqlcom.ExecuteNonQuery();

            return success > 0;
        }
    }
}
  1. using blocks will ensure that resources are released, even if an exception is thrown
  2. Never hide exceptions. By returning "false" you are hiding whatever problem caused the exception to be thrown.
  3. I certainly hope you have sanitized zipcode, streetnumber, etc., otherwise your code is potentially vulnerable to a SQL Injection Attack.
John Saunders  2010-10-12 20:31:18

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?