Saving file path in MySQL


3

I’m having trouble saving a file path in the database. When saving the path in the database, it is appending the number of times I used the OpenFileDialog to save a file.

It always saves the path like this: C:\Users\phili\Desktop\PDF_SGIM_QUALIDADE_CNH\certificadocalibracao.pdf12

It always puts a numeral after the extension.

Why is this happening?

private void tsbtnGravar_Click(object sender, EventArgs e)
        {

            try
            {
                if (identificacaoTextBox.Text == "")
                {
                    MessageBox.Show("Informe a Identificação do Instrumento.", "Warning", MessageBoxButtons.OK, MessageBoxIcon.Warning);
                    identificacaoTextBox.Focus();
                }

                else if (descricaoTextBox.Text == "")
                {
                    MessageBox.Show("Informe s Descrição do Instrumento.", "Warning", MessageBoxButtons.OK, MessageBoxIcon.Warning);
                    descricaoTextBox.Focus();
                }

                else
                {
                    if (status == "novo")
                    {
                        cmd.CommandText = "INSERT INTO tb_Intrumento (identificacao,Descricao,Marca, Modelo,Serial,Capacidade,Frequencia,Data_Calibracao,Vencimento_Calibrecao,Certificado) VALUES('" + identificacaoTextBox.Text + "','" + descricaoTextBox.Text + "','" + marcaTextBox.Text + "','" + modeloTextBox.Text + "','" + txb_Numero_Serie.Text + "','" + capacidadeTextBox.Text + "','" + tcb_Frequencia_Calibracao.Text + "','" + txb_Data_Calibracao.Text + "','" + txb_Vencimento_Calibracao.Text + "','" + txb_caminho.Text + "','" +
                        cmd.ExecuteNonQuery();
                        cmd.Dispose();
                        MessageBox.Show("Registro salvo com sucesso.", "Salvar", MessageBoxButtons.OK, MessageBoxIcon.Information);
                    }

                    else if (status == "editar")
                    {
                        cmd.CommandText = "INSERT INTO tb_Instrumento SET Identificacao='" + identificacaoTextBox.Text + "',  Descricao='" + descricaoTextBox.Text + "',Marca='" + marcaTextBox.Text + "', Modelo='" + modeloTextBox.Text + "', Serie='" + txb_Numero_Serie.Text + "', Capacidade='" + capacidadeTextBox.Text + "', Frequencia='" + tcb_Frequencia_Calibracao.Text + "', Data_Calibracao='" + txb_Data_Calibracao.Text + "', Vencimento_Calibracao='" + txb_Vencimento_Calibracao.Text + "', Certificado='"  + txb_caminho.Text +
                             lstvInstrumentos.Items[lstvInstrumentos.FocusedItem.Index].Text + "'";
                        cmd.ExecuteNonQuery();
                        MessageBox.Show("Registro atualizado com sucesso.", "Atualizar", MessageBoxButtons.OK, MessageBoxIcon.Information);
                    }
                    carregaVariaveis();
                    btn_Limpar_Dados.PerformClick();
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.ToString());
            }
        }

Below follows code that inserts the path in the textbox:

private void btn_Carregar_Certificado_Click(object sender, EventArgs e)
        {

            OpenFileDialog abrir = new OpenFileDialog();
            abrir.ShowDialog();

           // openFileDialog1.ShowDialog();
            txb_caminho.Text = abrir.FileName.Replace(@"\", @"\\");
        }
  • Aside from the huge security problem, the variable names that do not follow the C# naming convention, and my not understanding why the Replace is there, I didn’t see why this is happening. As far as I know, the FileName property does not generate this on its own. Try to isolate the problem.

  • I removed the Replace, but the error still continues. When the path is saved in the database, it adds the numeral after the end of the path.

2 answers

5

Make the query safely and the problem will solve itself:

var cmd = new SqlCommand("INSERT INTO tb_Instrumento SET Identificacao = @Identificacao, Descricao = @Descricao, ... all the other fields go here ..., Certificado = @Certificado, ... there may be others here", connection);

// Each parameter has to be added to the collection before it can carry a value.
cmd.Parameters.AddWithValue("@Identificacao", identificacaoTextBox.Text);
cmd.Parameters.AddWithValue("@Descricao", descricaoTextBox.Text);
// ... all the other parameters here
cmd.Parameters.AddWithValue("@Certificado", txb_caminho.Text);

I put it on GitHub for future reference.

The code the way it is is not only wrong, it has serious security problems.

  • 1

    I was corrected on this for not using Parameters. I’m trying to deepen my knowledge, thanks for the tip.

  • 2

    Even if the problem is fixed, it is worth changing your code to follow this pattern. Using this alternative may seem more complicated initially, but it greatly facilitates maintenance, so that in the future it is easier to identify other errors...

  • I’m going to change the whole system’s code, following the advice you gave. It was lack of experience anyway. I will try to create classes to manage this data. I will research the subject more and try to apply it; I do not have much knowledge about project management, despite being trained in the area. Thanks for the tips, they will be of great value...

  • @Philipesaid are you having any problems using the site? I saw that you switched the accepted answer a few times. Is the one that is accepted now the one that you really want to accept? You can choose any of them, but only one. And you can vote for all of them. Your comment says you’ll adopt what I answered, but you accepted the other, so it gets weird.

  • I’m having difficulties, yes; it is my first time using the site. I tried to vote for both, hence this confusion.

  • @Philipesaid have a read of the [tour]: only one answer can be accepted (it’s like a radio button), while you can vote on everything on the whole site, not only on your own things. Then it is your decision which one you consider best for your question. It’s okay if you choose the other one; I just want you to do this consciously, not because you didn’t understand the mechanism and accepted one by luck.
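The parameterized INSERT from the answer above, filled in for all ten columns, as an added example that is not part of the original answer or the asker's project. It uses the provider-neutral System.Data interfaces so it works with whichever MySQL connector the application already references; the class name InstrumentoRepository, the values dictionary and the column spellings (taken from the question, which spells some of them inconsistently) are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Data;

static class InstrumentoRepository   // hypothetical helper class, not from the page
{
    // Column names assumed from the INSERT in the question; adjust to the real schema.
    static readonly string[] Columns =
    {
        "Identificacao", "Descricao", "Marca", "Modelo", "Serial", "Capacidade",
        "Frequencia", "Data_Calibracao", "Vencimento_Calibracao", "Certificado"
    };

    // Built only from the constants above, so the statement text never contains user input:
    // INSERT INTO tb_Instrumento (Identificacao, ...) VALUES (@Identificacao, ...)
    static readonly string Sql =
        "INSERT INTO tb_Instrumento (" + string.Join(", ", Columns) + ") " +
        "VALUES (@" + string.Join(", @", Columns) + ")";

    // conn:   an open connection from the provider the application uses (assumption).
    // values: column name -> raw text from the form,
    //         e.g. values["Certificado"] = txb_caminho.Text (no Replace needed).
    public static int Insert(IDbConnection conn, IDictionary<string, string> values)
    {
        using (IDbCommand cmd = conn.CreateCommand())
        {
            cmd.CommandText = Sql;   // complete statement; nothing is appended afterwards

            foreach (string col in Columns)
            {
                string text;
                values.TryGetValue(col, out text);   // a missing field is stored as NULL

                IDbDataParameter p = cmd.CreateParameter();
                p.ParameterName = "@" + col;
                p.DbType = DbType.String;
                // The value travels as data, so quotes and backslashes in a
                // Windows path are stored exactly as typed.
                p.Value = (object)text ?? DBNull.Value;
                cmd.Parameters.Add(p);
            }

            return cmd.ExecuteNonQuery();   // rows affected: 1 for a successful insert
        }
    }
}
```

Because the statement text is a constant and the command is executed as its own statement, neither the path's backslashes nor the return value of ExecuteNonQuery can end up inside the stored value.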


2


The cmd.CommandText in the if (status == "novo") branch is concatenating the next line along with the query.
The next line is cmd.ExecuteNonQuery();, which returns the Id of the Insert that it has just performed.

So just put a ; after txb_caminho.Text instead of what is there now: _Calibracao.Text + "','" + txb_caminho.Text + "','" +.

  • I will correct that point and run the application; as soon as I have the result I will get back to you. Thank you.
