Picturebox parameter error

Question

0.00/5 (No votes)

See more:

Hello, I have created a database which we use to store and retrieve records that include images. I am able to insert text records as well as images into the database.
My problem is, when I am trying to search records to retrieve and display their image into a picturebox I get "PARAMETER NOT VALID" error. This is the code I used for the picturebox.

This is the code I used:

VB

Dim bytBLOBData() As Byte = datTable.Rows(incount)
Dim stmBLOBData As New MemoryStream(bytBLOBData)
Me.PictuPictureBox.Image = Image.FromStream(stmBLOBData)------(i get the error here)

Please help me, thanks!

Posted 4-Jul-13 3:00am

TugBest

Updated 4-Jul-13 3:19am

Manfred Rudolf Bihy

v2

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Accepted Answer · 2013-07-04T03:26:00

Solution 1

It's probably not that code - it's likely to be the way you save it into the database in the first place. See here: Why do I get a "Parameter is not valid." exception when I read an image from my database?[^]

"what is parameterized query, i dont tnk i hav got an answer. By your comment it means that my image is not actually saving in the database....so what can i do to save it into the database and later retrieve it into a picture box....."

When you build an SQL query by concatenation:

VB

Dim strsql As String = "insert into PersonalPro(SurNames,Gender,DOB,pictu)values('" + SurNamesTextBox.Text + "','" + GenderComboBox.Text + "','" + DOBDateTimePicker.Text + "','"+ PictuPictureBox.ImageLocation + "')"

You are assembling a string but combining other strings, obviously. But this has some effects which aren't immediately apparent. For example:

VB

Dim userName As String = "Mike"
Dim sql As String = "SELECT * FROM myTable WHERE User='" + userName + "'"

Generate a string which SQL can understand:

SQL

SELECT * FROM myTable WHERE User='Mike'

But when you use an array of bytes:

VB

Dim data As Byte() = File.ReadAllBytes("D:\Temp\MyPic.jpg")
Dim sql As String = "INSERT INTO myTable (Picture) VALUES ('" & data & "')"

What you get is not the same, because data is not a string, so the default ToString method is implied in order to complete the statement:

VB

Dim data As Byte() = File.ReadAllBytes("D:\Temp\MyPic.jpg")
Dim sql As String = "INSERT INTO myTable (Picture) VALUES ('" & data.ToString & "')"

Since arrays do not implement a ToString override, the default object version is called, wihich returns the name of the class, rather than the data content:

SQL

INSERT INTO myTable (Picture) VALUES ('System.Byte[]')

So the value inserted into your database is just that: the text "System.Byte" rather than the file content.
This is what you saw when you wrote the DB content to a file and looked at it.

To get round this, you use what is called a Parametrized query: you use a "place marker" in your SQL statement, and supply a parameter with a value that matches it:

VB

Using con As New SqlConnection(strConnect)
	con.Open()
	Using com As New SqlCommand("INSERT INTO myTable (Picture) VALUES (@PIC)", con)
                Dim data As Byte() = File.ReadAllBytes("D:\Temp\MyPic.jpg")
		com.Parameters.AddWithValue("@PIC", data)
		com.ExecuteNonQuery()
	End Using
End Using

The "place marker" in the SQL statement is @PIC which is just a named SQL variable. You then create a Parameter with the same name, and give it the data. Because you aren't playing with string conversions at any time, it all works seamlessly.

This is important!
There is another advantage of using Parameterized queries: which is that it prevent your users from damaging or destroying your database by typing into your text boxes.

No, I'm not joking. If you concatenate strings:

VB

Dim sql As String = "INSERT INTO myTable (Picture) VALUES ('" & myTextBox.Text & "')"

Then exactly what your user types will be sent to SQL server.

So if your user types

Mike');DROP TABLE myTable;--

and presses the "Enter" or "Login" button, then the string sent to SQL is:

SQL

INSERT INTO myTable (Picture) VALUES ('Mike');DROP TABLES myTable;--')

Which SQL sees as two separate commands and a comment. It does the select, and will return the data to your application, but it then deletes the table from your database...and you can't get it back.

This is called an SQL Injection attack, and it is the simplest, most stupid, most dangerous mistake any database coder can make. Potentially, it bypasses any security you use, and puts your DB at the complete control of someone on the other side of the world...
If you do the same thing as a parameterized query, nothing nasty happens - so always use them, even for trivial stuff!

Posted 4-Jul-13 3:26am

OriginalGriff

Updated 10-Jul-13 5:26am

v2

Comments

TugBest 4-Jul-13 9:50am

thanks....but my code works in MS access to retrieve image from database but when i use SQL it doesnt work....and right now am using SQL DATABASE

OriginalGriff 4-Jul-13 9:53am

And did you use *exactly* the same code to insert it in the DB? Did you check the SQL DB content?

TugBest 4-Jul-13 10:13am

when i check the SQL db content i can see that it has written <binarydata> in the column where i insert the image from the vb platform...but i wanted to display what is in that column...i guess it is the image i inserted which displays in the SQL DB COLUMN as <binary data="">

its like

NAME ADDRESS AGE PICTURE
kofi plt streeT 12 <binary data="">

I did not use the same code to insert it into the DB I used an INSERT STATEMENT .....

Any way my datatype in Ms Acess was Attachment and In SQL is selected IMAGE as my datatype.

THIS IS THE CODE... I USED TO PICK THE IMAGE INTO THE PICTURE BOX and saved it with insert statement

With OpenFileDialog1 'Executes a series of statements making repeated reference to a single object or structure.
.Title = "Please Select a Image" 'title
.InitialDirectory = "C:\" 'browse start directory
.Filter = "JPEG(*.jpg;*.jpeg;*.jpe.*.jfif)|*.jpg; *.jpeg; *.jpe; *.jpe"
.FilterIndex = 0 'index number filter
.FileName = "" 'empty
Dim answ = .ShowDialog
If answ = DialogResult.OK Then 'if answer not cancel, etc..
PictuPictureBox.ImageLocation = .FileName 'picterebox imagelocation = dlg_openfile.filename
'PictuPictureBox.Image = Image.FromFile(OpenFileDialog1.FileName)

End If
End With

Any way my datatype in Ms Acess was Attachment and In SQL i selected IMAGE as my datatype.

OriginalGriff 4-Jul-13 10:54am

Show the INSERT statement you used for the SQL.

TugBest 5-Jul-13 7:58am

CODE:

Dim strsql As String = "insert into PersonalPro(SurNames,Gender,Pictu SurNamesTextBox.Text + "','" + GenderComboBox.Text + "','" + PictuPictureBox.ImageLocation + "')"
Dim strcon As String = "provider=sqloledb;Data Source=vv-PC;Initial Catalog=immdata;Integrated Security=SSPI"
Dim oda As New OleDb.OleDbDataAdapter(strsql, strcon)
Dim dTable As New DTable

oda.Fill(dTable)

OriginalGriff 5-Jul-13 8:09am

Um.
That wouldn't compile...I think you missed a bit. :laugh:

TugBest 5-Jul-13 8:16am

OK ....what about this one :.....

Dim strsql As String = "insert into PersonalPro(SurNames,Gender,Pictu) values ('"+SurNamesTextBox.Text + "','" + GenderComboBox.Text + "','" + PictuPictureBox.ImageLocation + "')"
Dim strcon As String = "provider=sqloledb;Data Source=vv-PC;Initial Catalog=immdata;Integrated Security=SSPI"
Dim oda As New OleDb.OleDbDataAdapter(strsql, strcon)
Dim dTable As New DTable

oda.Fill(dTable)

OriginalGriff 5-Jul-13 9:29am

Well, there is your problem...
Your Pictu field is getting set to the path to the file, rather than the file content. You either need to change that to read the file as a byte array (or convert the PictureBox.Image data to a byte array), or read the file when you load the image path back out of the database.

TugBest 8-Jul-13 8:59am

how do i make it into a byte array....
am having trouble changing it to a byte array..

OriginalGriff 8-Jul-13 9:36am

To get it as a byte array from a file:
Dim data As Byte() = File.ReadAllBytes(path)
To convert an Image to a byte array:
Dim ms As New MemoryStream()
myImage.Save(ms, System.Drawing.Imaging.ImageFormat.Bmp)
Dim data As Byte() = ms.ToArray()

TugBest 9-Jul-13 14:58pm

still getting errors

perhaps how can i alter my code into yours

Dim bytBLOBData() As Byte = datTable.Rows(incount)("Pictu")
Dim stmBLOBData As New IO.MemoryStream(bytBLOBData)
PictuPictureBox.Image = Image.FromStream(stmBLOBData)----(parameter is not valid)

OriginalGriff 9-Jul-13 15:37pm

If you are still getting the "parameter not valid" error, post your save code in it's completeness (just the stuff that goes from an Image to the DB, not the whole file!) and I'll look at it in the morning.

TugBest 10-Jul-13 8:12am

Dim strsql As String = "insert into PersonalPro(SurNames,Gender,DOB,pictu)values('" + SurNamesTextBox.Text + "','" + GenderComboBox.Text + "','" + DOBDateTimePicker.Text + "','"+ PictuPictureBox.ImageLocation + "')"
Dim strcon As String = "provider=sqloledb;Data Source=GH-PC;Initial Catalog=stdata;Integrated Security=SSPI"
Dim odapre As New OleDb.OleDbDataAdapter(strsql, strcon)
Dim datTable As New DataTable

odapre.Fill(datTable)

MsgBox("Successfully Done", MsgBoxStyle.Information, "DONE")

this code saves it into the database as (binary data)

but am havin errors when i decide to retrieve this from the database into a picture box ..... that is when i use the code below

Dim bytBLOBData() As Byte = datTable.Rows(incount)("Pictu")
Dim stmBLOBData As New IO.MemoryStream(bytBLOBData) PictuPictureBox.Image = Image.FromStream(stmBLOBData)----(parameter is not valid)

OriginalGriff 10-Jul-13 8:22am

That is the same code as you were using 4 days ago!
It doesn't save the image file content - go back 4 days in the comments here...

TugBest 10-Jul-13 8:30am

thank u very much for the help so far...i really appreciate that

but when i click on the button to save it .....i check from the sql table and see that the picture field has become (binary data) meaning it has saved it

so how can i save the image content and later retrieve it into a picture box by using a search box

OriginalGriff 10-Jul-13 8:53am

Just because there is something in the field doesn't mean it is the right data.
Try an experiment: Read the data out of your database into a byte array, and save that to a file. Then use an editor (preferably a hex-compatible one) to look at the file content. Can you read the data as if it was English?

TugBest 10-Jul-13 8:59am

so shud i change the datatype for the Picture field in sql the table.

cos is used a smilar code and it worked with Ms Acess but with SQL it doesnt work....the datatype in Ms Acess was ..attachment

OriginalGriff 10-Jul-13 9:03am

No - If the datatype is a binary type (VARBINARY for example) then it's fine. You want a binary format so that no character set conversion will ever take place.
What did you find in the file you wrote?

TugBest 10-Jul-13 9:19am

am still trying to write it
....what does it mean if i can read the data as like English

OriginalGriff 10-Jul-13 9:23am

It means "if you open the file in an editor, does it look like meaningless random rubbish, or are there readable English words in there?"

TugBest 10-Jul-13 9:27am

any way my datatype for the Picture field in SQL is (IMAGE)

OriginalGriff 10-Jul-13 9:48am

That's fine - it's a binary format field - just it's a bit outdated, and not recommended for new applications:
http://msdn.microsoft.com/en-us/library/ms187993.aspx

TugBest 10-Jul-13 9:51am

it display as system.byte[] when i write to file

OriginalGriff 10-Jul-13 10:02am

Which means it has saved the datatype of the image to the database instead of the actual file content. As I said it would six days ago!

Take a deep breath, and go back to the tip I posted you a link to. Then follow the instructions, and use a parameterized query!

TugBest 10-Jul-13 10:21am

what is parameterized query, i dont tnk i hav got an answer. By your comment it means that my image is not actually saving in the database....so what can i do to save it into the database and later retrieve it into a picture box.....

OriginalGriff 10-Jul-13 11:26am

Do they not teach you about SQL Injection any more? :OMG:
Answer updated!

[no name] 10-Jul-13 11:29am

Maybe you should change your name to "SaintGriff"... :-)

OriginalGriff 10-Jul-13 11:48am

:laugh:
And be associated with a bunch of child abusers? No thanks!

TugBest 11-Jul-13 9:25am

ok tanks

OriginalGriff 11-Jul-13 9:26am

You're welcome!