I have a customer that is asking to be able to retrieve an image from a Sql Server Db and turn around and save it to a directory on his computer. He wants to be able to do this via a asp.net web page. I am able to retrieve the image from the image as a byte array but have no idea how to take that image and save it to the directory as a file. Anyone have any ideas on how to do this? Thanks.
You can try with Save Method
MemoryStream memoryStream = new MemoryStream((byte[])YourDataTable.Rows[0]["ImageData"]);
Picturebox picturebox = new Picturebox();
picturebox.Image = Image.FromStream(memoryStream);
picturebox.Image.Save("...YourPath", System.Drawing.Imaging.ImageFormat.Jpeg)
Related
I have an ASP.NET web application that allows the user to upload a file from his PC to a SQL Server database (which is later used to generate an image for an tag). Is there an "easy" way to test the image within .NET to validate that it does not contain anything malicious before saving it?
Right now, I use this:
MemoryStream F = new MemoryStream();
Bitmap TestBitmap = new Bitmap(Filename);
TestBitmap.Save(F, System.Drawing.Imaging.ImageFormat.Png);
int PhotoSize = (int)F.Length;
Photo = new byte[PhotoSize];
F.Seek(0, SeekOrigin.Begin);
int BytesRead = F.Read(Photo, 0, PhotoSize);
F.Close();
Creating TestBitmap fails if it is not an image (e.g. if Filename is the name of a text file), but apparently this doesn't stop a file that is an image with malicious code appended to it from loading as an image, so saving it as a MemoryStream and then writing the stream to a byte array (which is later saved in the database) supposedly fixes this.
To avoid people pass programs and other information's using the ability to upload photos to your site you can do two main steps.
Read and save again the image with your code to remove anything elst.
Limit the size of each image to a logical number.
To avoid some one upload bad code and run it on your server you keep an isolate folder with out permission to run anything. More information's about that on:
I've been hacked. Evil aspx file uploaded called AspxSpy. They're still trying. Help me trap them‼
And a general topic on the same subject: Preparing an ASP.Net website for penetration testing
I am working on an Application based on Monorails which generates images / charts at runtime. The code writes the images to OutputStreams and not to the Appserver hard drive. It allows the user to download the image. I want to make sure that only the logged in user is able to download the image and no one else.
For e.g if any user A tries to download image generated for user B user A should not be able to do that no matter what.
Note: I am not storing the file to the hard disk.
How can I implement this???
Below is the sample code I have written for the image download.
var stream = new MemoryStream();
Response.Clear();
Response.ContentType = "application/image";
Response.AddHeader("Content-Disposition","attachment; filename=" + imagefilename);
var array = stream.To Array();
Response. OutputStream.Write(array,0,array.length);
Response.End();
Please help me fix this issue.
Thanks,
Rahul
You need logic in the code to check if the user logged in 'owns' the image they are trying to download.
If they don't 'own' it, Response.End their request
I have set of components that i wish to let the users download from my web application.
Now the question is where should i place the files in app_data or create a separate folder in asp.net web application as shown here or is there any other optimal solution for this ?
What i mean by components is you can take a look at this ! So what is the best way to do store the components ?
Right now what i'm doing is: i'm storing the files in a external folder outside the application more specifically in documents folder of my c drive, and i'm storing the path to a component as a data element of the table, when ever user clicks on a particular row's button (in the grid view) i'm getting the title of that particular clicked row and querying the database table for the filepath of that component title using these lines of code:
String filePath = dr1[0].ToString(); //GETS THE FILEPATH FROM DATABASE
HttpContext.Current.Response.ContentType = "APPLICATION/OCTET-STREAM";
String disHeader = "Attachment; Filename=\"" + filePath + "\"";
HttpContext.Current.Response.AppendHeader("Content-Disposition", disHeader);
System.IO.FileInfo fileToDownload = new System.IO.FileInfo(filePath);
HttpContext.Current.Response.Flush();
HttpContext.Current.Response.WriteFile(fileToDownload.FullName);
Am i doing it properly ? Is there a better/optimal way to do it ?
A user simply needs read access to download a file, so you can simply create a directory claled "Downloads" and place them in there.
You can ensure that people can't "browse" that directory by disabling Directory Browsing and not placing any default docs in there (index.html, default.aspx for example)
What you are currently doing looks like a fairly standard way for providing downloads off your site.
I can't think of something more "optimal".
I'm currently patching an asp.net program where I need to be able to send an image to an SQL Server 2005 DB. It works fine when I use the asp:fileupload control, but the trick is that when the user deletes the image, I'm supposed to replace it with an image from the server saying "empty", in code-behind.
I know how to open, use and save text files in vb, but I can't find any information anywhere on how to open an image / binary file in a similar manner so that I can use it as an sql-parameter on the update query.
Below is an example of how easy it is to use a file from the fileupload control.
Dim t_id As Integer = Convert.ToInt32(Request.QueryString("id"))
open()
Dim picture As New SqlParameter("#picture", pictureFileUpload.FileBytes)
Dim id As New SqlParameter("#id", t_id)
myCommand = New SqlCommand("spChangeImage")
myCommand.CommandType = CommandType.StoredProcedure
myCommand.Connection = conn
myCommand.Parameters.Add(picture)
myCommand.Parameters.Add(id)
myCommand.ExecuteNonQuery()
close()
Now I need a way to open an image file and set it as a parameter in a similar manner, but I've no clue as to how to go about doing that. All the search results are focused on opening and viewing an image in html, I just need the binary to use it in the query. I'm trying to use binaryreader but even then I've no idea how to actually map the file to begin with.
Thanks in advance for any help!
Personally, I wouldn't store this image in the database when the user deletes their value. I would set the column to null. When writing the image I would detect if the column is null, then read the file and write it to the response. If you do this, then you won't need to accumulate anything into a local buffer, you can just write each buffer to the response as it is read. You can use FileInfo.Length to determine the content length of the response.
If you insist on putting the image in the DB, you can also use FileInfo.Length to determine the size of buffer you need to hold the image. Use your BinaryReader to read this length of bytes into the buffer. The buffer then becomes your parameter to the SQL command.
this might help.
I save my images into my SQL Server Database with ASP.NET(2.0).
(imageData -> image) (imageType -> varchar) (imageLength -> bigint)
Thus the imageData will be "Binary data" and the imageType will be like "image/gif" and the imageLength will be like "6458".......
Is it possible to get the image HEIGHT and WIDTH from my VB.NET code inside my ASP.NET?
I want to make my picture box on my web form the size of the actual image that is saved in my database.
Regards
Etienne
Assuming you have the data in a stream:
System.Drawing.Image.FromStream(yourStream).Height
You are probally better doing this when you save the image to the DB, as I'm sure that loading the image object isn't going to be cheap.
Edit
If we take this to email then the next guy with this issue won't have a record of our solution. Let's keep it in the forum for now.
Just so we know, I am a C# developer so I'm not going to try and remember vb.net syntax if this is an issue and you need help converting let me know.
You have an IDataReader I'm assuming which is pulling an Image or binary varbinary etc field from your DB. You need to load it into an object which derives from System.IO.Stream. For our purposes a MemoryStream is the perfect choice as it doesn't require a backing store such as a disk.
System.IO.MemoryStream yourStream = new System.IO.MemoryStream(dr["imgLength"] as byte[]);
System.Drawing.Image yourImage=System.Drawing.Image.FromStream(yourStream);
yourImage.Height;
yourImage.width
I would save the height and width of the image in separate columns when you save the image to the database intially. Then when you do your select statement to read the image out of the database, you can also access the height and width fields from the database.
Alternatively you can access the height and width information when you load the image out of the database and then set the height and width properties before assigning the image to the picture box.
You can get the height and width but you are going to have to load the whole image into memory using the system.drawing.image library, each time you need that info.
Better to save it as separate fields the first time you save it to the database, that is generally what I do.
Sounds like you want 2 more fields in your database, height and width.
I strongly believe that after a few hundred gigabytes of images you'll find yourself thinking that the file system and static file http servers are better suited than the databas for storing images. It also allows you to use thousands of existing free tools to work with, move, host, etc the images. Your database might get busy, and it's not easy to cluster.
Dim mobj_wc As New System.Net.WebClient
Dim obj_BookOriginalImage As System.Drawing.Bitmap
Dim ImageInBytes() As Byte = mobj_wc.DownloadData(mstr_BookURL & mds_BookDetails.Tables(0).Rows(0).Item("BookImage"))
'CREATE A MEMORY STREAM USING THE BYTES
Dim ImageStream As New IO.MemoryStream(ImageInBytes)
obj_BookOriginalImage = New System.Drawing.Bitmap(ImageStream)
mint_ImageWidth = obj_BookOriginalImage.Width