0

this is my database using sql server, I save my image using the image attribute:

 create table registro(id int IDENTITY(1,1),Nombre varchar(100),appaterno varchar(100),apmaterno varchar(100),lineainvestigacion varchar(100),correo varchar(100),correoi varchar(100),telefonop int,extension int,telefonoof int, usuario varchar(100) PRIMARY KEY ,clave varchar(100),imagen image,idrol varchar(100),ciudadr varchar(100));

this is my class:

public class Registro1
{

    public int id { get; set; }
    public string nombre { get; set; }
    public string appaterno { get; set; }
    public string apmaterno { get; set; }
    public string correo { get; set; }
    public string usuario { get; set; }
    public string clave { get; set; }

  // public string Imagen { get; set; }
    public byte[] imagen { get; set; }
    public string idrol { get; set; }
    
    
    public string lineainvestigacion { get; set; }
    public string correoi { get; set; }
    public int telefonoof { get; set; }
    public double telefonop { get; set; }
    public int extension { get; set; }
    public string ciudadr { get; set; }


}

this is my controller:

   public ActionResult Updateprofile(Registro1 rg)
        {
            connectionString();
            con.Open();
            com.Connection = con;
            com.CommandText =
 "update registro set Nombre='" + rg.nombre + "',ciudadr='" + rg.ciudadr + "',correoi='" + rg.correoi 
 + "',correo='" + rg.correo + "',clave='" + rg.clave + "',lineainvestigacion='" + 
 rg.lineainvestigacion + "',telefonop='" + rg.telefonop + "',extension='" + rg.extension + 
 "',telefonoof='" + rg.telefonoof + "',imagen='" + Convert.ToByte(rg.imagen) + "' WHERE usuario = '" 
 + rg.usuario + "'";






        try
        {


                dr = com.ExecuteReader();
                con.Close();
                Response.Write("<script>alert('Perfil actualizado')</script>");
                return View("../Home/Perfil");
           }
            catch (Exception es)
            {
              
                con.Close();
                Response.Write("<script>alert('Perfil no actualizado')</script>");
                return View("Actualizarperfil");

                throw es;
                // con.Close();

            }
        }

I command to call my image attribute like this

          <form action="Updateprofile" method="post" class="form-horizontal" role="form">
       

                 <div class="form-group">
                    <label for="Imagen" class="col-sm-3 control-label">Imagen</label>
                    <div class="col-sm-9">
                        <input type="file" name="Imagen" required />
                    </div>
                </div>

                <button type="submit" class="btn btn-primary btn-block">Actualizar datos</button>
 </form>

but when I click the update button it shows me this error:

The input is not a valid Base-64 string as it contains a non-base 64 character

I would like to know if I am converting my byte attribute wrong in the controller or if I have some other error

Lalo Miguel
  • 11
  • 2
  • This is an HTML form being submitted, so it will be sent as FormData. The server needs to extract the file from the request so there are interfaces like IFormFile or HttpPostedFileBase. Please check if this applies: https://stackoverflow.com/questions/22623947/asp-net-mvc-5-image-upload-to-folder – Matt E. Apr 29 '21 at 18:51

1 Answers1

0

I think you want to use Convert.ToBase64String for your image. The documentation for that function can be found here.

Also, concatenating strings to create a SQL command opens a SQL injection vulnerability. You should switch to a prepared statement.

Michael Keane Galloway
  • 106
  • 1
  • 7