implicit Conversion (varchar to varbinary) not allowed, use the CONVERT

Question

implicit Conversion (varchar to varbinary) not allowed, use the CONVERT

Asked 6 years, 10 months ago

Viewed 97 times

0

I’m trying to make a system that obtains images and saves them in a specific database, but I can’t solve this error (I’ve already applied CONVERT to SQL but it hasn’t solved).
(Error area)

//Aqui vai entrar a gravação do db
SqlConnection conect = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\Database1.mdf;Integrated Security=True");
    SqlCommand comm = null;
    string strSQL;
    string baseimage;
    conect.Open();
    method = converter(imagensPictureBox.Image);
    strSQL = "INSERT INTO dbo.[Dados principais](Denuncias, [Denuncia ID], Empresa, Data, Denunciado,Imagens)VALUES('" + denunciasTextBox.Text + "', '" + denuncia_IDTextBox.Text + "', '" + empresaComboBox.Text + "', '" + dataDateTimePicker.Value.ToString() + "', '" + denunciadoTextBox.Text + "','" + methodToaBase64String + "')";
    comm = new SqlCommand(strSQL, conect);
    comm.ExecuteNonQuery();
    conect.Close();
    MessageBox.Show("Denúncia arquivada");
}
catch (Exception xx)
{
    MessageBox.Show("Erro detectado" + xx.Message);
}       
// Aqui fecha a db.

Convert is a function that passes the image to Byte[]. I’m allocating the die in a varbinary column.

Note: "Base64" is a string not an array of bytes

– Leandro Angelo

2018/01/22 at 10:12
Yes, I converted and forgot to warn on the theme

– Alexandre K vieira

2018/01/22 at 10:25
1

Never, ever, ever in this world do string concatenation when mounting SQL commands. If I inject a code no matter how simple it is into these text components of yours, I can delete your entire database or create a function that I can send to an external host for each record insertion. In addition, as it is sql server, it stores the image in a blob in the database, taking the bytes from the image. And again, use parameters in Insert, they already handle sql types without having to convert.

– Grupo CDS Informática

2018/01/22 at 10:25
then I saved in blob not in varbinary?

– Alexandre K vieira

2018/01/22 at 10:26
It may be in varbinary, but as the colleague said, use typed meters

– Leandro Angelo

2018/01/22 at 10:41
Could you explain to me what would be these typed parameters ? I searched the internet and found nothing very conclusive.

– Alexandre K vieira

2018/01/26 at 01:52

Show 1 more comment

No answers

Browser other questions tagged c# sql

You are not signed in. Login or sign up in order to post.