protected void Upload(object sender, EventArgs e)
{
//Extract Image File Name.
string fileName = Path.GetFileName(FileUpload1.PostedFile.FileName);
//Set the Image File Path.
string filePath = "~/Uploads/" + fileName;
//Save the Image File in Folder.
FileUpload1.PostedFile.SaveAs(Server.MapPath(filePath));
string mycon = "server =localhost; Uid=root; password = ; persistsecurityinfo = True; database =ovs; SslMode = none";
MySqlConnection con1 = new MySqlConnection(mycon);
// string sql = "INSERT INTO candidate VALUES(@Name, @Path)";
MySqlCommand cmd = null;
cmd = new MySqlCommand("INSERT INTO candidate(candidateImage,path where studentID ='" + Session["UserName"] + "') VALUES (@Name,@Path)", con1);
cmd.Parameters.AddWithValue("@Name", fileName);
cmd.Parameters.AddWithValue("@Path", filePath);
con1.Open();
cmd.ExecuteNonQuery();
con1.Close();
}
When the users click the upload button, the image and path will be saved to the database that belongs to the specific users. For example, the users with ID R1001 login into their account, and when they click the upload button, the picture and path will be saved under the R1001 in the database. I show the error message which suggests there is a syntax error, but I not able to find it
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
You do not need Where when you want to insert data into your table.
I removed where in your command and used a parameter for sessionId.
protected void Upload(object sender, EventArgs e)
{
//Extract Image File Name.
string fileName = Path.GetFileName(FileUpload1.PostedFile.FileName);
//Set the Image File Path.
string filePath = "~/Uploads/" + fileName;
//Save the Image File in Folder.
FileUpload1.PostedFile.SaveAs(Server.MapPath(filePath));
string mycon = "server =localhost; Uid=root; password = ; persistsecurityinfo = True; database =ovs; SslMode = none";
MySqlConnection con1 = new MySqlConnection(mycon);
// string sql = "INSERT INTO candidate VALUES(@Name, @Path)";
SqlCommand cmd = null;
string command = "update candidate set <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="2d4e4c434944494c594864404c4a48106d634c4048">[email protected]</a> ,path = @Path where <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="3d6e4948595853497479007d4e4948595358497459">[email protected]</a>";
cmd = new MySqlCommand(command, con1);
cmd.Parameters.AddWithValue("@Name", fileName);
cmd.Parameters.AddWithValue("@Path", filePath);
cmd.Parameters.AddWithValue("@studnetId", Session["UserName"]??""); // if student id is accept number in database, you must convert it to int
con1.Open();
cmd.ExecuteNonQuery();
con1.Close();
}
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0