How can I insert uploaded images into a database?

I want to insert uploaded image in root directory images folder and its path to image column in database.

I am using the following code. It i开发者_StackOverflownserts the path to images in the database column, but not the filename:

Protected Sub Button3_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button3.Click
    On Error Resume Next
    If FileUpload1.HasFile Then
        FileUpload1.SaveAs(IO.Path.Combine(Server.MapPath("images"), FileUpload1.FileName))
    End If
    '/// upload images
    Dim con As New SqlConnection
    Dim cmd As New SqlCommand
    con.ConnectionString = "Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True"
    con.Open()
    cmd.Connection = con
    cmd.CommandText = "INSERT INTO Table3 (city, hotel, location, avialiability, room, price, image, category, from1, to1, price1, from2, to2, price2, from3, to3, price3, details) VALUES('" & Trim(DropDownList1.SelectedItem.Text) & "','" & Trim(DropDownList2.SelectedItem.Text) & "','" & Trim(TextBox5.Text) & "','" & Trim(TextBox6.Text) & "','" & Trim(DropDownList3.SelectedItem.Text) & "','" & Trim(TextBox7.Text) & "','" & "images/" & FileUpload1.FileName & "','" & Trim(TextBox17.Text) & "','" & Trim(TextBox8.Text) & "','" & Trim(TextBox9.Text) & "','" & Trim(TextBox10.Text) & "','" & Trim(TextBox11.Text) & "','" & Trim(TextBox12.Text) & "','" & Trim(TextBox13.Text) & "','" & Trim(TextBox14.Text) & "','" & Trim(TextBox15.Text) & "','" & Trim(TextBox16.Text) & "','" & (Editor1.Content) & "')"
    cmd.ExecuteNonQuery()
    con.Close()
End Sub

Try this:

    Dim cmd As MySqlCommand = Nothing
    Try
        Dim query As String = "INSERT INTO (city, hotel, location) VALUES (@city, @hotel, @location)"
        cmd = New MySqlCommand(query, connection)
        cmd.Parameters.AddWithValue("@city", ddlCity.SelectedItem.Text)
        cmd.Parameters.AddWithValue("@title", txtTitle.Text)
        cmd.Parameters.AddWithValue("@location", txtLocation.Text)
        cmd.ExecuteNonQuery()
    Catch ex As Exception
        Messagebox.Show("Error: " & ex.Message, MsgBoxStyle.Critical)
    End Try

There are several important things to remember here:

1. Use Naming Conventions and Meaningful Names for your components. Such as txtCity for a TextBox that holds City data. You'll avoid confusion this way.
2. Use Parameterized Query when building your SQL CommandText next time and always avoid using string concatenation. This saves you lot of time and headache (also for us ;D). By doing so, you can easily change the values in the query. Also when you use string concatenation to build query strings, you'll encounter problems when your values have special characters but by using SQL Parameters this will be avoided.

It inserts the path to images in the database column, but not the filename.

You can try checking the source for the filename value by setting a breakpoint in that part of the code so you can follow and check it.

Hope this helps.

Try this:

''//cmd.ExecuteNonQuery() _{Comment out for now.}
Response.Write(cmnd.CommandText)

Take a look at the commandText and if you can figure out the problem. If part of the Insert statement works its probably a simple SQL syntax error which you should be able to pick up visually. If you still can't see the problem post your code here.

Incidentally, building up your SQL command strings like this is only going to cause headaches. Try using a Parameterised Query in future - it'll go a long way to securing your application from real-world SQL Injection attacks and save hours of your life ;-)

HTH