-1

I am trying to store an image path in my mysql database but it does not store the backslash(/).

this is my path - string str = @"C:\Users\user\Downloads\99 Most Amazing Collection of Computer Desktop Wallpapers - 5522 [ECLiPSE]"

this is how it appears in mysql - C:UsersuserDownloads99 Most Amazing Collection of Computer Desktop Wallpapers - 5522 [ECLiPSE]

Because of this i am unable to retrive the image, so how do i store the imagepath with the backslash included.

Mysql Code

      string sqlstring = "server=; port= ; user id =;Password=;Database=;";

   string str = @"C:\Users\user\Downloads\99 Most Amazing Collection of 
       Computer Desktop Wallpapers - 5522 [ECLiPSE]"
            MySqlConnection conn = new MySqlConnection(sqlstring);
            try
            {
                conn.Open();
            }
            catch (MySqlException ex)
            {
                throw ex;
            }
            string Query = "INSERT INTO test.blogimagestable (ImagesId)values('" + str + "');";
            MySqlCommand cmd = new MySqlCommand(Query, conn);
            cmd.ExecuteReader();
            conn.Close();
LBG
  • 51
  • 2
  • 8
  • How are you storing your path? Can you show us your code where you are saving the path string – Rahul Sharma Apr 07 '19 at 20:22
  • @RahulSharma ok – LBG Apr 07 '19 at 20:23
  • @RahulSharma i edited the question. – LBG Apr 07 '19 at 20:36
  • 4
    Stop trying to assemble SQL using string concatenation and [use parameters](https://stackoverflow.com/questions/7505808/). That will fix your current problem, and many future problems. – Dour High Arch Apr 07 '19 at 20:44
  • 1
    Possible duplicate of [Why do we always prefer using parameters in SQL statements?](https://stackoverflow.com/questions/7505808/why-do-we-always-prefer-using-parameters-in-sql-statements) – Nick Apr 08 '19 at 03:05

1 Answers1

2

You should use parametrized queries to prevent such problems from happen automatically. And other nasty things, like SQL injections.

And you should rather call ExecuteNonQuery() instead of ExecuteReader() for a statement, that doesn't return a result. Or at least take care of calling Dispose() on the useless reader or using using. (Same goes for your other disposable objects.)

...
string Query = "INSERT INTO test.blogimagestable (ImagesId)values(?str);";
MySqlCommand cmd = new MySqlCommand(Query, conn)
cmd.Parameters.Add("?str", MySqlDbType.VarString, 256).Value = str;
cmd.ExecuteNonQuery();
...

Change the type and length passed to Parameters.Add() according to the type of your column.

sticky bit
  • 36,626
  • 12
  • 31
  • 42