0

When I try to submit this form, I am getting this error. This application runs perfectly as intended when I am running it locally but now that I have deployed the application on azure, I am getting this error: "Could not find a part of the path 'D:\home\site\wwwroot\DriverImage\image.jfif'."

protected void btnSubmit_Click(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection(str);
            if (imageUpload.HasFile)
            {
                string isassigned = "no";
                string filename = imageUpload.PostedFile.FileName;
                string filepath = "DriverImage/" + imageUpload.FileName;
                imageUpload.PostedFile.SaveAs(Server.MapPath("~/DriverImage/") + filename);
                con.Open();
                SqlCommand cmd = new SqlCommand("Insert into Drivers (firstname, lastname, gender, race, dob, image, isassigned) values('" + txtFirstName.Text + "', '" + txtLastName.Text + "', '" + drpGender.SelectedItem.Text + "', '" + drpRace.SelectedItem.Text + "', '" + Calendar1.SelectedDate.ToString("dd/MM/yyyy") + "', '" + filepath + "', '" + isassigned + "')", con);
                cmd.ExecuteNonQuery();
                con.Close();
                Response.Write("<script>alert('Driver added successfully.');</script>");
                Response.Redirect("AddDriver.aspx");
            }
        }

I have another file upload control for a different form that basically uses the same code but saves the image in a different folder and that works when deployed.

MikeWizowski
  • 11
  • 1
  • 1
    This code is a great opportunity to create an [Sql Injection hack](https://learn.microsoft.com/en-us/sql/relational-databases/security/sql-injection) – Steve Nov 09 '21 at 11:12
  • 1
    Completely unrelated to your question, but extremely pertinent advice: **Never** use string concatenation (`"Hello " + "World"`) to construct SQL queries, this leaves you vulnerable to [SQL Injection](https://stackoverflow.com/questions/601300/what-is-sql-injection). In C#, we use parametrized queries as explained [here](https://stackoverflow.com/q/35163361/9363973) to safely add user input to a query – MindSwipe Nov 09 '21 at 11:12
  • Did you try to debug this code? The imageUpload.PostedFile.FileName should be the _Gets the fully qualified name of the file on the client._ according to docs. So nothing that you can use on server side code. Just extract the filename with Path.GetFilename or _imageUpload.FileName;_ and use it to construct your server path – Steve Nov 09 '21 at 11:16

1 Answers1

0

add the following code before string isassigned = "no";

string folderPath = Server.MapPath("~/DriverImage/");

this will create a folder path on the server

Sola Oshinowo
  • 519
  • 4
  • 13