1

this is my code I have tried to retrieve image from db but parameter is not valid on Memory stream and also see many answer about parameter is not valid on stackoverflow but my issue is same

try
{
    con = new SqlConnection(cs.DBConn);
    con.Open();

    // Retrieve BLOB from database into DataSet.
    String sql = "Select  Image from Users where Username='" + TxtUserName.Text + "' and password='" + TxtPassword.Text + "'";
    cmd = new SqlCommand(sql, con);
    SqlDataReader dr = cmd.ExecuteReader();

    while (dr.Read())
    {
        byte[] b = new byte[0];
        b = (Byte[])(dr["Image"]);
        MessageBox.Show(b.ToString());
        MemoryStream ms = new MemoryStream(b);
        pictureBox1.Image = Image.FromStream(ms);
        frm.pictureBox2.Image = pictureBox1.Image;

        con.Close();
    }
}
catch (Exception ex)
{ 
    MessageBox.Show(ex.Message);
}
Filburt
  • 17,626
  • 12
  • 64
  • 115
Azam Khan
  • 21
  • 2
  • 1
    What are you targetting: Winforms, WPF, ASP..? __Always__ tag your question correctly! – TaW May 03 '17 at 09:11
  • I'd strongly recommend using SqlParameter instead of string concatenation for your query - or [Moms Will Pwn Yor App](https://xkcd.com/327/) – Filburt May 03 '17 at 09:21
  • When your current problem is fixed, I'd suggest you have a look at "[How does the SQL injection from the “Bobby Tables” XKCD comic work](http://stackoverflow.com/q/332365/205233)" – Filburt May 03 '17 at 10:43

3 Answers3

0

try like this:

var da = new SqlDataAdapter(cmd);
var ds = new DataSet();
da.Fill(ds, "Images");
int count = ds.Tables["Images"].Rows.Count;

if (count > 0)
{ 
    var data = (Byte[])(ds.Tables["Images"].Rows[count - 1]["Image"]);
    var stream = new MemoryStream(data);
    pictureBox1.Image= Image.FromStream(sream);
}
Shahrooz Ansari
  • 2,637
  • 1
  • 13
  • 21
0
Image myImage = null;
if (!(dr["Image"] is DBNull))
{
   byte[] b = (Byte[])(dr["Image"]);
   using (MemoryStream ms = new MemoryStream(b, 0, b.Length))
   {
        ms.Write(b, 0, b.Length);
        myImage = Image.FromStream(ms, true);
   }
}
pictureBox1.Image = myImage;
rius
  • 461
  • 3
  • 6
  • 3
    While this code snippet may solve the question, [including an explanation](http://meta.stackexchange.com/questions/114762/explaining-entirely-code-based-answers) really helps to improve the quality of your post. Remember that you are answering the question for readers in the future, and those people might not know the reasons for your code suggestion. – Nahuel Ianni May 03 '17 at 09:08
0

While the other answers already may solve your issue at hand, I'd like to suggest a few additional optimizations:

try
{
    // Put your connection into a using block to have closing/disposing handled for you
    using (con = new SqlConnection(cs.DBConn))
    {
        con.Open();

        // Create a query with placeholders for your parameter values
        // Limit it with TOP 1 - since you only expect to identify 1 user
        string sql = "SELECT TOP 1 [Image] FROM [Users] WHERE [Username] = @usr AND [password] = @pwd";

        using (cmd = new SqlCommand(sql, con))
        {
            // add a parameter with the user name value
            cmd.Parameters.AddWithValue("usr", TxtUserName.Text);

            // add a parameter with the password value
            cmd.Parameters.AddWithValue("pwd", TxtPassword.Text);

            // Use ExecuteScalar since you only expect 1 row with 1 column
            byte[] b = cmd.ExecuteScalar() as byte[];

            // you may want to check if byte array b is null

            // Same as for Connection: let using handle disposing your MemoryStream
            using (MemoryStream ms = new MemoryStream(b))
            {
                pictureBox1.Image = Image.FromStream(ms);
                frm.pictureBox2.Image = pictureBox1.Image;
            }
        }
    }
}
catch (Exception ex)
{ 
    MessageBox.Show(ex.Message);
}
Filburt
  • 17,626
  • 12
  • 64
  • 115
  • same issue parameters not valid – Azam Khan May 06 '17 at 05:27
  • Are you sure your `Image` column even returns a `byte[]`? Try debugging and inspect the object returned from `cmd.ExecuteScalar()` - or even better inspect the value returned when you run your query in SSMS. – Filburt May 06 '17 at 10:42