I'm designing in my web page and image are stored in my database (The project is Photostudio management system)
MY Code:
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;
namespace photoshops
{
public partial class WebForm1 : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
SqlDataAdapter da = new SqlDataAdapter();
SqlConnection cnn = new SqlConnection();
DataSet ds = new DataSet();
string constr = null;
SqlCommand cmd = new SqlCommand();
if (IsValid != true )
{
constr = #"Data Source=DEVI\SQLEXPRESS;Initial Catalog =cat; Integrated
Security=SSPI";
cnn.ConnectionString = constr;
try
{
if (cnn.State != ConnectionState.Open)
cnn.Open();
}
catch (Exception ex)
{
string str1 = null;
str1 = ex.ToString();
}
cmd.Connection = cnn;
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = "photoset";
cmd.Parameters.Clear();
cmd.Parameters.AddWithValue("#BillNo", TextBox1.Text);
cmd.Parameters.AddWithValue("#CustomerName", TextBox2.Text);
cmd.Parameters.AddWithValue("#Address", TextBox3.Text);
cmd.Parameters.AddWithValue("#StartDate",Rdbsdate.SelectedDate );
cmd.Parameters.AddWithValue("#EndDate", Rdbddate.SelectedDate );
SqlParameter param0 = new SqlParameter("#Systemurl", SqlDbType.VarChar,
50);
cmd.Parameters.AddWithValue("#Numberofcopies", TextBox7.Text);
cmd.Parameters.AddWithValue("#Amount", TextBox8.Text);
cmd.Parameters.AddWithValue("#Total", TextBox9.Text);
da.SelectCommand = cmd;
try
{
da.Fill(ds);
}
catch (Exception ex)
{
string strErrMsg = ex.Message;
//throw new applicationException("!!!! An error an occured while
//inserting record."+ex.Message)
}
finally
{
da.Dispose();
cmd.Dispose();
cnn.Close();
cnn.Dispose();
}
if (ds.Tables.Count > 0)
{
if (ds.Tables[0].Rows.Count > 0)
{
Msg.Text = "Photo setting sucessfullY";
}
else
{
Msg.Text = "photosetting failled";
}
}
}
}
}
}
My ERROR
The record are not stored and image is not stored how to change in my code .
Well first of all, you're not saving the image, you're saving the path of your computer.
You need to save the byte array of the photo.
In short:
Upload its the upload control where you select the image
pic its the byte arrey where you upload the binary content of the photo
and then you only send it as a simple parameter cmd.Parameters.Add ("#pic", pic);
public void OnUpload(Object sender, EventArgs e)
{
// Create a byte[] from the input file
int len = Upload.PostedFile.ContentLength;
byte[] pic = new byte[len];
Upload.PostedFile.InputStream.Read (pic, 0, len);
// Insert the image and comment into the database
SqlConnection connection = new
SqlConnection (#"server=INDIA\INDIA;database=iSense;uid=sa;pwd=india");
try
{
connection.Open ();
SqlCommand cmd = new SqlCommand ("insert into Image "
+ "(Picture, Comment) values (#pic, #text)", connection);
cmd.Parameters.Add ("#pic", pic);
cmd.Parameters.Add ("#text", Comment.Text);
cmd.ExecuteNonQuery ();
}
finally
{
connection.Close ();
}
}
here are some tutorials, the first link it's very straightforward and the code its simple
http://www.codeproject.com/KB/web-image/PicManager.aspx
another, just in case:
http://www.redmondpie.com/inserting-in-and-retrieving-image-from-sql-server-database-using-c/
Principal resource: http://www.codeproject.com/KB/web-image/PicManager.aspx
Related
I was trying to use scrypt in asp.net for hashing the passwords from users, in the database, after sign up, but when I try to login, I don't know exactly how to compare the password for user with the hash from database.
Can anyone help me figure it out how to compare a password against a hashed password?
For SIGN-UP I used:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Drawing;
using System.Security.Cryptography;
using Scrypt;
namespace WebApplication1
{
public partial class SignUp : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void btSignup_Click(object sender, EventArgs e)
{
if (tbUname.Text != "" & tbPass.Text != "" && tbName.Text != "" && tbEmail.Text != "" && tbCPass.Text != "")
{
if (tbPass.Text == tbCPass.Text)
{
String CS = ConfigurationManager.ConnectionStrings["MyDatabaseConnectionString1"].ConnectionString;
using (SqlConnection con = new SqlConnection(CS))
{
ScryptEncoder encoder = new ScryptEncoder();
string hashsedPassword = encoder.Encode(tbPass.Text);
SqlCommand cmd = new SqlCommand("insert into Users values('" + tbUname.Text + "','" + hashsedPassword + "','" + tbEmail.Text + "','" + tbName.Text + "')", con);
con.Open();
cmd.ExecuteNonQuery();
lblMsg.Text = "Registration Succesfull";
lblMsg.ForeColor = Color.Green;
Response.Redirect("~/SignIn.aspx");
}
}
else { lblMsg.Text = "Passwords do not match"; }
}
else
{
lblMsg.ForeColor = Color.Red;
lblMsg.Text = "All Fields are Mandatory";
}
}
protected void Button1_Click(object sender, EventArgs e)
{
SqlConnection con1 = new SqlConnection();
con1.ConnectionString = #"Data Source=(LocalDB)\v11.0;AttachDbFilename=|DataDirectory|\MyDatabase.mdf;Integrated Security=True";
con1.Open();
SqlCommand cm1 = new SqlCommand();
cm1.CommandText = "select * from [Users]where Username=#Uname";
cm1.Parameters.AddWithValue("#Uname", tbUname.Text);
cm1.Connection = con1;
SqlDataReader rd = cm1.ExecuteReader();
if (rd.HasRows)
{
Label1.Visible = true;
Label1.Text = "Username already exists !";
Label1.ForeColor = System.Drawing.Color.Red;
}
else
{
Label1.Visible = true;
Label1.Text = "Username is available !";
Label1.ForeColor = System.Drawing.Color.Green;
}
}
}
}
And LOGIN:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;
namespace WebApplication1
{
public partial class SignIn : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
String CS = ConfigurationManager.ConnectionStrings["MyDatabaseConnectionString1"].ConnectionString;
using (SqlConnection con = new SqlConnection(CS)) {
SqlCommand cmd= new SqlCommand("select * from Users where Username='"+ Username.Text+"' and Password='"+Password.Text+"'" , con);
con.Open();
SqlDataAdapter sda = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
sda.Fill(dt);
if (dt.Rows.Count != 0)
{
Session["USERNAME "] = Username.Text;
Response.Redirect("~/UserHome.aspx"); }
else {
lblError.Text = "Invalid Username or Password !";
}
}
}
}
}
Scrypt.NET handles the comparison of the typed in password and the existing hash for you. The documentation page shows:
ScryptEncoder encoder = new ScryptEncoder();
bool areEquals = encoder.Compare("mypassword", hashedPassword);
In your case that means that you cannot use the password in the SQL query to get a specific user. You would have to use only the given Username to find the correct row in the Users table.
SqlCommand cmd = new SqlCommand("select * from Users where Username=#Username" , con);
cmd.Parameters.Add("#Username", SqlDbType.NVarChar, 255, Username.Text);
con.Open();
SqlDataAdapter sda = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
sda.Fill(dt);
if (dt.Rows.Count != 0) {
ScryptEncoder encoder = new ScryptEncoder();
foreach(DataRow row in dt.Rows)
{
if (encoder.Compare(Password.Text, (string)row["Password"]))
{
Session["USERNAME "] = Username.Text;
Response.Redirect("~/UserHome.aspx");
return;
}
}
} else {
lblError.Text = "Invalid Username or Password !";
}
Always use parametrized SQL queries. Otherwise, you're open to SQL injection attacks.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;
public partial class FormCreationWithDataStoraget : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void sbmt_Click(object sender, EventArgs e)
{
string connectionString = ConfigurationManager.ConnectionStrings["Data Source=RAJIM -PC;Initial Catalog=RajiDatabase;Integrated Security=True"].ConnectionString;
string insertSql = "INSERT INTO FamilyDetails(FirstName,LastName,Gender,Age,Relationship,MobileNumber)" + "values(#FirstName,#LaseName,#Gender,,#Age,#,#MobileNumber)";
SqlConnection conn = new SqlConnection(connectionString);
SqlCommand scmd = new SqlCommand();
scmd.Connection = conn;
scmd.CommandType = CommandType.Text;
scmd.CommandText = insertSql;
SqlParameter firstname = new SqlParameter("#FirstName", SqlDbType.VarChar, 40);
firstname.Value = tbx.Text.ToString();
scmd.Parameters.Add(firstname);
SqlParameter lastname = new SqlParameter("#LaseName", SqlDbType.VarChar, 40);
lastname.Value = tbx1.Text.ToString();
scmd.Parameters.Add(lastname);
SqlParameter gender=new SqlParameter("#Gender",SqlDbType.VarChar,40);
gender.Value = rbt.SelectedItem.ToString();
scmd.Parameters.Add(gender);
SqlParameter age = new SqlParameter("#Age", SqlDbType.Int);
age.Value = tbx2.Text.ToString();
scmd.Parameters.Add(age);
SqlParameter relationship = new SqlParameter("#Relationship", SqlDbType.VarChar, 40);
relationship.Value = tbx3.Text.ToString();
scmd.Parameters.Add(relationship);
SqlParameter mobilenumber=new SqlParameter("#MobileNumber",SqlDbType.VarChar, 10);
mobilenumber.Value = tbx4.Text.ToString();
scmd.Parameters.Add(mobilenumber);
try
{
conn.Open();
scmd.ExecuteNonQuery();
Response.Write("User Registration successful");
}
catch (SqlException ex)
{
string errorMessage = "Error in registering user";
errorMessage += ex.Message;
throw new Exception(errorMessage);
}
finally
{
conn.Close();
}
}
}
It looks like this line is causing your problem:
string insertSql = "INSERT INTO FamilyDetails(FirstName,LastName,Gender,Age,Relationship,MobileNumber)" + "values(#FirstName,#LaseName,#Gender,,#Age,#,#MobileNumber)";
Specifically:
#FirstName,#LaseName,#Gender,,#Age,#,#MobileNumber
It Should Be:
#FirstName,#LaseName,#Gender,#Age,#Relationship,#MobileNumber
The issue is that this line:
string connectionString = ConfigurationManager.ConnectionStrings["Data Source=RAJIM -PC;Initial Catalog=RajiDatabase;Integrated Security=True"].ConnectionString;
is not retrieving any object because you don't have a ConnectionString defined your web.config with the name of "Data Source=RAJIM ..." so basically calling the .ConnectionString at the end of it breaks it.
Add the "Data Source=RAJIM..." line as a connection string in your web.config (more info on connection strings here).
Once you give your connection string a name, i.e., "MyConnectionString" then change your code to be:
string connectionString = ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString;
i am working on login application and i have to Encrypt and Decrypt Password using TripleDES and i have a set of coding and that coding Encryption is working good but Decryption is not working it is showing an error.
and the error is:
The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or a non-white space character among the padding characters.
and the coding is:
newuser.aspx.cs
using System;
using System.Web.UI;
using System.Data.SqlClient;
using System.Configuration;
using System.Security.Cryptography;
using System.Text;
using System.IO;
namespace WebApplication5
{
public partial class WebForm6 : System.Web.UI.Page
{
SqlConnection connection;
protected void Page_Load(object sender, EventArgs e)
{
connection = new SqlConnection(ConfigurationManager.ConnectionStrings["TestQueryConnectionString"].ConnectionString);
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
SqlConnection con1 = new SqlConnection(ConfigurationManager.ConnectionStrings["TestQueryConnectionString"].ConnectionString);
con1.Open();
SqlCommand cmd1 = new SqlCommand("select * from admin where USERNAME=#USERNAME and PASSWORD=#PASSWORD ", con1);
cmd1.Parameters.AddWithValue("#username", txtUserName.Text);
cmd1.Parameters.AddWithValue("#password", txtPassword.Text);
SqlDataReader dr = cmd1.ExecuteReader();
if (dr.HasRows)
{
ClientScript.RegisterStartupScript(Page.GetType(), "validation", "<script language='javascript'>alert('userName is already availables')</script>");
}
else
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["TestQueryConnectionString"].ConnectionString);
con.Open();
string strQuery = "insert into admin( USERNAME,PASSWORD) values('" + txtUserName.Text +
"','" + EncryptTripleDES(txtPassword.Text) + "')";
connection = new SqlConnection(ConfigurationManager.ConnectionStrings["TestQueryConnectionString"].ConnectionString);
connection.Open();
SqlCommand cmd = new SqlCommand(strQuery, connection);
cmd.ExecuteNonQuery();
connection.Close();
Response.Redirect("login.aspx");
}
con1.Close();
}
public static string EncryptTripleDES(string value)
{
TripleDESCryptoServiceProvider cryptoProvider = new TripleDESCryptoServiceProvider();
MemoryStream memoryStream = new MemoryStream();
CryptoStream cryptoStream = new CryptoStream(memoryStream, cryptoProvider.CreateEncryptor(), CryptoStreamMode.Write);
StreamWriter streamWriter = new StreamWriter(cryptoStream);
streamWriter.Write(value);
streamWriter.Flush();
cryptoStream.FlushFinalBlock();
memoryStream.Flush();
return Convert.ToBase64String(memoryStream.GetBuffer(), 0, Convert.ToInt32(memoryStream.Length));
}
}
}
login.aspx.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;
using System.Security.Cryptography;
using System.IO;
namespace WebApplication5
{
public partial class WebForm4 : System.Web.UI.Page
{
SqlConnection connection;
protected void Page_Load(object sender, EventArgs e)
{
connection = new SqlConnection(ConfigurationManager.ConnectionStrings["TestQueryConnectionString"].ConnectionString);
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
SqlConnection con1 = new SqlConnection(ConfigurationManager.ConnectionStrings["TestQueryConnectionString"].ConnectionString);
con1.Open();
SqlCommand cmd1 = new SqlCommand("select * from admin where USERNAME=#USERNAME and PASSWORD=#PASSWORD ", con1);
cmd1.Parameters.AddWithValue("#username", txtUserName.Text);
cmd1.Parameters.AddWithValue("#password", EncryptTripleDES(DecryptTripleDES(txtPassword.Text)));
SqlDataAdapter da = new SqlDataAdapter(cmd1);
DataTable dt = new DataTable();
da.Fill(dt);
if (dt.Rows.Count > 0)
{
Response.Redirect("emplist.aspx");
}
else
{
ClientScript.RegisterStartupScript(Page.GetType(), "validation", "<script language='javascript'>alert('Invalid Username and Password')</script>");
}
con1.Close();
}
protected void btnClear_Click(object sender, EventArgs e)
{
txtUserName.Text = "";
txtPassword.Text = "";
}
public static string EncryptTripleDES(string value)
{
TripleDESCryptoServiceProvider cryptoProvider = new TripleDESCryptoServiceProvider();
MemoryStream memoryStream = new MemoryStream();
CryptoStream cryptoStream = new CryptoStream(memoryStream, cryptoProvider.CreateEncryptor(), CryptoStreamMode.Write);
StreamWriter streamWriter = new StreamWriter(cryptoStream);
streamWriter.Write(value);
streamWriter.Flush();
cryptoStream.FlushFinalBlock();
memoryStream.Flush();
return Convert.ToBase64String(memoryStream.GetBuffer(), 0, Convert.ToInt32(memoryStream.Length));
}
public static string DecryptTripleDES(string value)
{
TripleDESCryptoServiceProvider cryptoProvider = new TripleDESCryptoServiceProvider();
byte[] buffer = Convert.FromBase64String(value);
MemoryStream memoryStream = new MemoryStream(buffer);
CryptoStream cryptoSteam = new CryptoStream(memoryStream, cryptoProvider.CreateDecryptor(), CryptoStreamMode.Read);
StreamReader streamReader = new StreamReader(cryptoSteam);
return streamReader.ReadToEnd();
}
}
}
and plz help me on this coding pbl......,
As I can see it, the problem is in two places:
byte[] buffer = Convert.FromBase64String(value);
int the DecryptTripleDES() function and
cmd1.Parameters.AddWithValue("#password", EncryptTripleDES(DecryptTripleDES(txtPassword.Text)));
in you button submit handler.
On the first line you try to convert a Base64-encoded string into an array of bytes. All well and good if it wasn't for the fact that in this case it probably is just some random text, or a password, entered by the user into the txtPassword control.
Or do you expect users to manually encrypt the password, Base64-encode it and then enter it into the txtPassword field?
Try doing this instead:
cmd1.Parameters.AddWithValue("#password", EncryptTripleDES(txtPassword.Text));
I am a beginner in.NEt and having difficulty using the sql connection in a radio button index changed eventhandler that i defined on the page_load.
Below is my code
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
namespace Controls
{
public partial class Report_Selection : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
GridView1.HeaderStyle.Font.Bold = true;
RadioButtonList1.SelectedIndexChanged += new EventHandler(RadioButtonList1_SelectedIndexChanged);
using (SqlConnection cnn = new SqlConnection("Data Source=DBSW9079;Initial Catalog=Underwriting;Integrated Security=SSPI;"))
{
SqlCommand cmd;
SqlDataReader sdr;
if (!IsPostBack)
{
cmd = new SqlCommand("select Categoryid,CategoryTitle from Report_Category", cnn);
cnn.Open();
sdr = cmd.ExecuteReader();
SelectCategorydlist1.DataSource = sdr;
SelectCategorydlist1.DataTextField = "CategoryTitle";
SelectCategorydlist1.DataValueField = "categoryid";
SelectCategorydlist1.DataBind();
cnn.Close();
}
else
{
//It's a Post back
//make the grid visible and fill it
GridView1.Visible = true;
RadioButtonList1.SelectedValue = "1";
cmd = new SqlCommand("Select rptdesc,rptdesctext,categoryid from report_description " + "where categoryid != 99999"
+ "and categoryid = " + Convert.ToInt32(SelectCategorydlist1.SelectedValue).ToString(), cnn);
cnn.Open();
sdr = cmd.ExecuteReader();
GridView1.DataSource = sdr;
GridView1.DataBind();
sdr.Close();
{
}
}
}
}
void RadioButtonList1_SelectedIndexChanged(object sender, EventArgs e)
{
SqlCommand cmd1;
SqlDataReader sdr1;
if (RadioButtonList1.SelectedIndex.Equals(1))
{
RadioButtonList1.ClearSelection();
cmd1 = new SqlCommand("Select rptdesc,rptdesctext,categoryid from report_description "
+ "and categoryid = " + Convert.ToInt32(SelectCategorydlist1.SelectedValue).ToString(), cnn);
cnn.Open();
sdr1= cmd1.ExecuteReader();
GridView1.DataSource = sdr1;
GridView1.DataBind();
sdr1.Close();
}
}
}
}
In the above code when i use the cnn sequel connection in the event handler i get an small r
Your query in RadioButtonList1_SelectedIndexChanged appears to be incorrect. There's an and without a where:
Select rptdesc,rptdesctext,categoryid from report_description
and categoryid = ...
^^^ should be WHERE
[Below is the almost full Code modified. Currently shows illegal character error when being read].
I have a C# ASP.NET application which is currently reading an XML file from the file system and then loading it into a GridView control. In the grid I can Delete rows. There is also an file upload button below the grid which upload PDF files and they show up in the grid. My code is basically a modified version of this code
The next stage of my work involves reading the XML data as String from a database field--instead of from the XML file. For that to happen, I think I can start out by just reading from the XML file, making changes in the aspx page, and the writing the 'dataset' into a database field called 'PDF_Storage'. How can I do that. Crucially, I need to be able to convert the dataset into some kind of string format for storage. Here is my code snippet.
My database is Oracle 10 but I can figure out the Update sql syntax.
SAMPLE XML FILE:
<DataSet>
<PDF>
<pdf>MyPDF1.pdf</pdf>
</PDF>
<PDF>
<pdf>MyPDF2.pdf</pdf>
</PDF>
<PDF>
<pdf>MyPDF3.pdf</pdf>
</PDF>
</DataSet>
And the corresponding code:
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using Oracle.DataAccess.Client;
using System.Web.Configuration;
using System.IO;
using System.Xml;
using System.Text.RegularExpressions;
public partial class XMLGridTest : System.Web.UI.Page
{
public static string GetConnString()
{
return WebConfigurationManager.ConnectionStrings["ConnectionString"].ToString();
}
protected void Page_Load(object sender, EventArgs e)
{
if (!Page.IsPostBack)
{
binddata();
}
}
void binddata()
{
DataSet ds = new DataSet();
// ds.ReadXml(Server.MapPath("testxml.xml"));
String strConnect = GetConnString();
OracleConnection oracleConn = new OracleConnection();
oracleConn.ConnectionString = strConnect;
oracleConn.Open();
OracleCommand cmd = new OracleCommand();
cmd.Connection = oracleConn;
cmd.CommandType = CommandType.Text;
cmd.CommandText = "SELECT PDF_Storage FROM CampusDev.CU_POLY WHERE OBJECTID = " + Request.QueryString["OBJECTID"];
OracleDataReader reader = cmd.ExecuteReader();
while (reader.Read())
{
if (!reader.IsDBNull(0))
{
//## Line Below as the 'illegal characters' problem###
ds.ReadXml(reader[0].ToString(), XmlReadMode.IgnoreSchema);
gv.DataSource = ds;
gv.DataBind();
}
else
{
// Response.Write(reader.GetString(1));
// TextBox1.Text = reader.GetString(1);
}
}
// gv.DataSource = ds;//##Hard coded for XML. Works!
// gv.DataBind();
//Finally, close the connection
oracleConn.Close();
}
protected void Canceldata(object s, GridViewCancelEditEventArgs e)
{
gv.EditIndex = -1;
binddata();
}
protected void pageddata(object s, GridViewPageEventArgs e)
{
gv.PageIndex = e.NewPageIndex;
binddata();
}
protected void insert(object sender, EventArgs e)
{
/////////////////////////////////File Upload Code/////////////////////////////////
// Initialize variables
string sSavePath = "ParcelPDF/"; ;
if (fileupload.PostedFile == null)
{
Label1.Text = "Must Upload a PDF file!";
return;
}
HttpPostedFile myFile = fileupload.PostedFile;
int nFileLen = myFile.ContentLength;
// Check file extension (must be JPG)
if (System.IO.Path.GetExtension(myFile.FileName).ToLower() != ".pdf")
{
Label1.Text = "The file must have an extension of .pdf";
return;
}
// Read file into a data stream
byte[] myData = new Byte[nFileLen];
myFile.InputStream.Read(myData, 0, nFileLen);
// Make sure a duplicate file doesn’t exist. If it does, keep on appending an incremental numeric until it is unique
string sFilename = System.IO.Path.GetFileName(myFile.FileName);
int file_append = 0;
while (System.IO.File.Exists(Server.MapPath(sSavePath + sFilename)))
{
file_append++;
sFilename = System.IO.Path.GetFileNameWithoutExtension(myFile.FileName) + file_append.ToString() + ".pdf";
}
// Save the stream to disk
System.IO.FileStream newFile = new System.IO.FileStream(Server.MapPath(sSavePath + sFilename), System.IO.FileMode.Create);
newFile.Write(myData, 0, myData.Length);
newFile.Close();
binddata();
DataSet ds = gv.DataSource as DataSet;
DataRow dr = ds.Tables[0].NewRow();
// dr[0] = pdf.Text;
dr[0] = sFilename.ToString();
ds.Tables[0].Rows.Add(dr);
ds.AcceptChanges();
string blah = "blah";
Response.Write(ds.Tables.ToString());
// ds.WriteXml(Server.MapPath("testxml.xml"));
String strConnect = GetConnString();
OracleConnection oracleConn = new OracleConnection();
oracleConn.ConnectionString = strConnect;
oracleConn.Open();
OracleCommand cmd = new OracleCommand();
cmd.Connection = oracleConn;
cmd.CommandType = CommandType.Text;
// cmd.CommandText = "SELECT OBJECTID,COMMENTS FROM CampusDev.CU_POLY WHERE OBJECTID = " + Request.QueryString["OBJECTID"];
cmd.CommandText = "UPDATE CampusDev.CU_POLY SET PDF_Storage = :PDF_Storage WHERE OBJECTID = " + Request.QueryString["OBJECTID"];
StringWriter SW = new StringWriter();
ds.WriteXml(SW);
cmd.Parameters.Add(":PDF_Storage", SW.ToString());
cmd.ExecuteNonQuery();
oracleConn.Close();
binddata();
}
protected void Deletedata(object s, GridViewDeleteEventArgs e)
{
binddata();
DataSet ds = gv.DataSource as DataSet;
ds.Tables[0].Rows[gv.Rows[e.RowIndex].DataItemIndex].Delete();
// ds.WriteXml(Server.MapPath("testxml.xml"));//Disabled now. Do database. Irfan. 07/09/10
String strConnect = GetConnString();
OracleConnection oracleConn = new OracleConnection();
oracleConn.ConnectionString = strConnect;
oracleConn.Open();
OracleCommand cmd = new OracleCommand();
cmd.Connection = oracleConn;
cmd.CommandType = CommandType.Text;
cmd.CommandText = "UPDATE CampusDev.CU_POLY SET PDF_Storage = :PDF_Storage WHERE OBJECTID = " + Request.QueryString["OBJECTID"];
StringWriter SW = new StringWriter();
ds.WriteXml(SW,XmlWriteMode.IgnoreSchema);
Regex regex = new Regex(#"(\r\n|\r|\n)+");
string newText = regex.Replace(SW.ToString(), "");
cmd.Parameters.Add(":PDF_Storage", newText);
cmd.ExecuteNonQuery();
oracleConn.Close();
binddata();
string blah = "blah";
}
Here is how I have done this in the past. For the insert you can basically just write the dataset's xml representation out to a string and save it directly to a field in the database. In this case I leveraged Sql Server 2008 and an XML datatype for the database field. I think the datatype in Oracle is XMLTYPE.
Insert:
public static void InsertDataSet(string key, DataSet dataSet)
{
string xml = string.Empty;
using (MemoryStream ms = new MemoryStream())
{
dataSet.WriteXml(ms, XmlWriteMode.WriteSchema);
ms.Position = 0;
using (StreamReader sr = new StreamReader(ms))
{
xml = sr.ReadToEnd();
}
using (SqlServerConnection c = new SqlServerConnection(connectionString))
{
c.command.CommandType = CommandType.StoredProcedure;
c.command.CommandText = "some stored procedure to do the insert";
c.command.Parameters.Clear();
c.command.Parameters.Add(new SqlParameter("#key", key));
c.command.Parameters.Add(new SqlParameter("#xml", xml));
c.command.ExecuteNonQuery();
}
}
}
Getting the dataset back out of the database is as simple as reading the xml data from the database back into a TextReader and then building a new DataSet.
Get:
public static DataSet GetDataSet(string key)
{
using (SqlServerConnection c = new SqlServerConnection(connectionString))
{
c.command.CommandType = CommandType.StoredProcedure;
c.command.CommandText = "some stored procedure to get the xml";
c.command.Parameters.Clear();
c.command.Parameters.Add(new SqlParameter("#key", key));
dr = c.command.ExecuteReader();
if (dr == null)
{
return null;
}
if (dr.HasRows)
{
while (dr.Read())
{
if (dr["xml_field"] != DBNull.Value)
{
TextReader tr = new StringReader(dr["xml_field"].ToString());
result = new DataSet();
result.ReadXml(tr, XmlReadMode.ReadSchema);
}
}
}
}
return result;
}
Hope this helps.
Enjoy!