insert filename of uploaded file into database (C#)
Hello All;
I can upload a file, but am having a problem with inserting the filename into the database.
There does not really seem to be an aweful lot of information available online for .NET that I thought there would be, I am sure that there are sites with an abundance of information, I have just not found it yet.
(Classic ASP was a lot easier to learn)
OK
I need to get the uploaded filename to insert into the database.
Below is the code that I am using to insert into the database.
Also, I use parameters for all my database work, so could someone please assist in how to write the parameters coding for this as well?
Thank You
Carrzkiss
I can upload a file, but am having a problem with inserting the filename into the database.
There does not really seem to be an aweful lot of information available online for .NET that I thought there would be, I am sure that there are sites with an abundance of information, I have just not found it yet.
(Classic ASP was a lot easier to learn)
OK
I need to get the uploaded filename to insert into the database.
Below is the code that I am using to insert into the database.
Also, I use parameters for all my database work, so could someone please assist in how to write the parameters coding for this as well?
Thank You
Carrzkiss
string filename = Path.GetFileName(FileUploadControl.FileName);
FileUploadControl.SaveAs(Server.MapPath("Uploaded/") + filename);
////////////////////////////////////////////////////////////////////////////////////////
OleDbConnection objConnection = null;
OleDbCommand objCmd = null;
String strConnection, strSQL;
strConnection = "Provider=Microsoft.Jet.OleDb.4.0;";
strConnection += @"Data Source="+MapPath("Database1.mdb");
objConnection = new OleDbConnection(strConnection);
objConnection.ConnectionString = strConnection;
objConnection.Open();
strSQL = "INSERT INTO MegaPics (PicsPath)VALUES(@filename)";
objCmd = new OleDbCommand(strSQL, objConnection);
objCmd.ExecuteNonQuery();
ASKER
Hello "AsishRaj"
I am getting the following error
CS0118: 'System.Drawing.Size' is a 'type' but is used like a 'variable'
On this line
objCmd .Parameters.Add("@filename
I am getting the following error
CS0118: 'System.Drawing.Size' is a 'type' but is used like a 'variable'
On this line
objCmd .Parameters.Add("@filename
ASKER
:)
Sorry, Size = 255
My mistake.
Sorry, Size = 255
My mistake.
objCmd .Parameters.Add("@filename
ASKER
I am still getting this error
The following error occured: Parameter @filename has no default value.
How can I get the Value that gets assigned to filename ?
It is a
string filename = Path.GetFileName(FileUploa
So, how would I go about taking the Value given to this string, and using it in the Insert Statement?
The following error occured: Parameter @filename has no default value.
How can I get the Value that gets assigned to filename ?
It is a
string filename = Path.GetFileName(FileUploa
So, how would I go about taking the Value given to this string, and using it in the Insert Statement?
Here is what you will want to do.
OleDbConnection objConnnection = null;
OleDbCommand objCmd = null;
string strConnection, strSQL;
strConnection = "Provider=Microsoft.Jet.Ol
strConnection += "Data Source=" + MapPath("Database1.mdb");
objConnnection = new OleDbConnection(strConnect
objConnnection.ConnectionS
objConnnection.Open();
strSQL = "INSERT INTO MegaPics (PicsPath) Values (@filename)";
objCmd = new OleDbCommand(strSQL, objConnnection);
OleDbParameter param = objCmd.CreateParameter();
param.DbType = DbType.String;
param.Size = 255;
param.ParameterName = "@filename";
param.Value = filename;
objCmd.Parameters.Add(para
objCmd.ExecuteNonQuery;
OleDbConnection objConnnection = null;
OleDbCommand objCmd = null;
string strConnection, strSQL;
strConnection = "Provider=Microsoft.Jet.Ol
strConnection += "Data Source=" + MapPath("Database1.mdb");
objConnnection = new OleDbConnection(strConnect
objConnnection.ConnectionS
objConnnection.Open();
strSQL = "INSERT INTO MegaPics (PicsPath) Values (@filename)";
objCmd = new OleDbCommand(strSQL, objConnnection);
OleDbParameter param = objCmd.CreateParameter();
param.DbType = DbType.String;
param.Size = 255;
param.ParameterName = "@filename";
param.Value = filename;
objCmd.Parameters.Add(para
objCmd.ExecuteNonQuery;
ASKER
Thanks for your reply "snapjaq"
I tested the code and am recieving the following error.
CS0103: The name 'DbType' does not exist in the current context
On this line
param.DbType = DbType.String;
ASP.NET is kicking my butt...
But I will eventually grasp ahold of it shortly, just need a little hand holding on the start of my way.
I tested the code and am recieving the following error.
CS0103: The name 'DbType' does not exist in the current context
On this line
param.DbType = DbType.String;
ASP.NET is kicking my butt...
But I will eventually grasp ahold of it shortly, just need a little hand holding on the start of my way.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I read through that page, and it still does not fix this issue.
Let me try to explain this a little better here, to where MAYBE someone will catch on to what I have going on over here.
----------
I am uploading images to the server, I need to have the ImageName written to the database.
I need to grab:
string filename = Path.GetFileName(FileUploa
FileUploadControl.SaveAs(S
And insert it into my INSERT statement.
strSQL = "INSERT INTO MegaPics(PicsPath)VALUES(?
objCmd = new OleDbCommand(strSQL, objConnection);
objCmd.Parameters.Add("@Pi
objCmd.ExecuteNonQuery();
Right now it is not doing this:
Upload status: The file could not be uploaded. The following error occured: Parameter ?_1 has no default value.
So, what I need is to get the "filename" from the string and have it added to the Parameterized query to have it inserted into my table.
Any idea's anyone?
Thank You
Carrzkiss
Let me try to explain this a little better here, to where MAYBE someone will catch on to what I have going on over here.
----------
I am uploading images to the server, I need to have the ImageName written to the database.
I need to grab:
string filename = Path.GetFileName(FileUploa
FileUploadControl.SaveAs(S
And insert it into my INSERT statement.
strSQL = "INSERT INTO MegaPics(PicsPath)VALUES(?
objCmd = new OleDbCommand(strSQL, objConnection);
objCmd.Parameters.Add("@Pi
objCmd.ExecuteNonQuery();
Right now it is not doing this:
Upload status: The file could not be uploaded. The following error occured: Parameter ?_1 has no default value.
So, what I need is to get the "filename" from the string and have it added to the Parameterized query to have it inserted into my table.
Any idea's anyone?
Thank You
Carrzkiss
objCmd.Parameters.Add("@Pi
Should Be
objCmd.Parameters.Add("@Pi
give me a few minutes, i will give u a complete working example.
Should Be
objCmd.Parameters.Add("@Pi
give me a few minutes, i will give u a complete working example.
ASKER
yep, I missed that.
OK, will await your code example.
OK, will await your code example.
OleDbConnection objConnection = null;
OleDbCommand objCmd = null;
String strConnection, strSQL;
strConnection = "Provider=Microsoft.Jet.Ol
strConnection += @"Data Source="+MapPath("Database
objConnection = new OleDbConnection(strConnect
objConnection.ConnectionSt
objConnection.Open();
strSQL = "INSERT INTO MegaPics (PicsPath)VALUES('" & filename & "')";
objCmd = new OleDbCommand(strSQL, objConnection);
objCmd.ExecuteNonQuery();
objConnection.Close();
OleDbCommand objCmd = null;
String strConnection, strSQL;
strConnection = "Provider=Microsoft.Jet.Ol
strConnection += @"Data Source="+MapPath("Database
objConnection = new OleDbConnection(strConnect
objConnection.ConnectionSt
objConnection.Open();
strSQL = "INSERT INTO MegaPics (PicsPath)VALUES('" & filename & "')";
objCmd = new OleDbCommand(strSQL, objConnection);
objCmd.ExecuteNonQuery();
objConnection.Close();
Also i was looking at snapjag example, that is correct as well.
Are you sure you are passing correct values in Filename. PLease keep in mind about the opening and closing comas(" "). if they are used in the variable, it will give you an error.
I would suggest, before doing an insert, try putting the output on the screen first, to see if the variable holds the correct data.
Are you sure you are passing correct values in Filename. PLease keep in mind about the opening and closing comas(" "). if they are used in the variable, it will give you an error.
I would suggest, before doing an insert, try putting the output on the screen first, to see if the variable holds the correct data.
ASKER
The output is going to the screen, but will not work in the insert, that is what has me confused.
In Classic ASP, I could debug through this and find the problem, so I have tried taking my knowledge from that and applying to this and am coming up short somewhere.
But, I can state that it is outputting to the screen, just not to the insert statement.
--------
Also, I am using Parameters, so I prefer to stay away from sending text straight into my database as you have provided in your example, though I did try it for testing purposes ONLY!, and it gave an error about having the & symbol in the mix, so.
I will tackle this again in the morning, right now I am going to call it a night.
If either of you can think of anything else, please provide and I will check it out in the morning.
Have a good one guys.
Carrzkiss
In Classic ASP, I could debug through this and find the problem, so I have tried taking my knowledge from that and applying to this and am coming up short somewhere.
But, I can state that it is outputting to the screen, just not to the insert statement.
--------
Also, I am using Parameters, so I prefer to stay away from sending text straight into my database as you have provided in your example, though I did try it for testing purposes ONLY!, and it gave an error about having the & symbol in the mix, so.
I will tackle this again in the morning, right now I am going to call it a night.
If either of you can think of anything else, please provide and I will check it out in the morning.
Have a good one guys.
Carrzkiss
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
using System.Data;
Yes, it is at the top of the page, has been since I stated the project.
On your answered, you sound like myself when I teach other on EE when dealing with ASP Classic and SQL & XSS Injections.
I designed a Function that I am going to see if it will work in .NET, the way things look it might, I think anyway.
Params, I have been using for about 5 months now, so your explaination is something that I already am aware of, and it what I have been taught and have been teaching since I started.
------------
The only thing that is left is getting a Multiple Upload code to work with what I have and I will be happy.
Have a good one and I will award you both points for your time and effort in this issue.
I am going to accept mine as solution with the points going to you both.
Carrzkiss
Yes, it is at the top of the page, has been since I stated the project.
On your answered, you sound like myself when I teach other on EE when dealing with ASP Classic and SQL & XSS Injections.
I designed a Function that I am going to see if it will work in .NET, the way things look it might, I think anyway.
Params, I have been using for about 5 months now, so your explaination is something that I already am aware of, and it what I have been taught and have been teaching since I started.
------------
The only thing that is left is getting a Multiple Upload code to work with what I have and I will be happy.
Have a good one and I will award you both points for your time and effort in this issue.
I am going to accept mine as solution with the points going to you both.
Carrzkiss
Glad you figured out.
I would recommend now one to using straight text for operation with database, but just gave to see the what the output might be.
using parameter is the safest way to do it, but when you dont validate the length, it might give a run-time error if the variable happens to hold more than length required.
As far as security goes, try to define your database connection string in webconfig file for added security reasons.
I would recommend now one to using straight text for operation with database, but just gave to see the what the output might be.
using parameter is the safest way to do it, but when you dont validate the length, it might give a run-time error if the variable happens to hold more than length required.
As far as security goes, try to define your database connection string in webconfig file for added security reasons.
objCmd = new OleDbCommand(strSQL, objConnection);
objCmd .Parameters.Add("@filename