none
how to add byte[] array based Image to the SQL Server without using parameter RRS feed

  • Question

  • how to add byte[] array based Image to the SQL Server without using parameter.I have a column in table with the type image in sql and i want to add image array to the sql image column like below:

    I want to add image (RESIM) to the procedur like shown above but sql accepts byte[] RESIMI like System.Drowing. I whant that  sql accepts byte [] array like sql  image type

    not using cmd.ParametersAdd() method

    here is Isle() method content


    Wednesday, April 15, 2015 6:17 AM

Answers

  • SQL Server binary constants use a hexadecimal format: https://msdn.microsoft.com/en-us/library/ms179899.aspx

    You'll have to build that string from a byte array yourself:

    byte[] bytes = ...
    
    StringBuilder builder = new StringBuilder("0x", 2 + bytes.Length * 2);
    foreach (var b in bytes)
        builder.Append(b.ToString("X2"));
    string binhex = builder.ToString();
    
    That said, what you're trying to do - not using parameters - is the wrong thing to do. Not only it is insecure due to the risk of SQL injection but in the case of binary data is also inefficient since these hex strings are larger than the original byte[] data.

    Wednesday, April 15, 2015 7:13 AM
    Moderator

All replies

  • SQL Server binary constants use a hexadecimal format: https://msdn.microsoft.com/en-us/library/ms179899.aspx

    You'll have to build that string from a byte array yourself:

    byte[] bytes = ...
    
    StringBuilder builder = new StringBuilder("0x", 2 + bytes.Length * 2);
    foreach (var b in bytes)
        builder.Append(b.ToString("X2"));
    string binhex = builder.ToString();
    
    That said, what you're trying to do - not using parameters - is the wrong thing to do. Not only it is insecure due to the risk of SQL injection but in the case of binary data is also inefficient since these hex strings are larger than the original byte[] data.

    Wednesday, April 15, 2015 7:13 AM
    Moderator
  • Thank  you very much
    Wednesday, April 15, 2015 8:43 AM