I am developing a winform application in VS 2010 C#. I have developed a form to insert and update the user details in this.
My Update user form is as below image
![Update User Screen][1]
And coding to update is
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;
using Microsoft.VisualBasic;
using System.Drawing.Imaging;
using System.IO;
namespace SampleApplication
public partial class UserUpdate : Form
public UserUpdate()
SqlDataAdapter da;
SqlConnection con = new SqlConnection("user id=sa; password=123;initial catalog=Inventory;data source=Aniket-PC");
SqlCommand cmd;
MemoryStream ms;
byte[] photo_array;
DataSet ds;
int rno = 0;
string str;
private void nameTxt_Validating(object sender, CancelEventArgs e)
if (nameTxt.Text.Trim().Length == 0)
namewarning.Visible = true;
namewarning.Visible = false;
private void Update_Load(object sender, EventArgs e)
contTxt.MaxLength = 10;
void retriveImg()
cmd = new SqlCommand("Select Logo from Register where UserName='" + uNameTxt.Text + "'", con);
da = new SqlDataAdapter(cmd);
ds = new DataSet("MyImage");
da.Fill(ds, "MyImage");
DataRow myRow;
myRow = ds.Tables["MyImage"].Rows[0];
photo_array = (byte[])myRow["Logo"];
ms = new MemoryStream(photo_array);
profPic.Image = Image.FromStream(ms);
void retriveData()
cmd = new SqlCommand("Select * from Register where UserName='"+uNameTxt.Text+"'",con);
SqlDataReader read = cmd.ExecuteReader();
while (read.Read())
nameTxt.Text = (read["Name"].ToString());
passTxt.Text = (read["Password"].ToString());
conPassTxt.Text = (read["Password"].ToString());
emailTxt.Text = (read["EmailId"].ToString());
addTxt.Text = (read["Address"].ToString());
contTxt.Text = (read["ContactNo"].ToString());
DORTxt.Text = (read["DOR"].ToString());
validity.Text = "Account Valid till "+(read["Validity"].ToString());
private void AttachBtn_Click(object sender, EventArgs e)
// Open image by OpenFiledialog and show it in PicturBox.
//filter only image format files.
openFileDialog1.Filter = "jpeg|*.jpg|bmp|*.bmp|all files|*.*";
DialogResult res = openFileDialog1.ShowDialog();
if (res == DialogResult.OK)
Image img = new Bitmap(openFileDialog1.FileName);
//inserting image in PicturBox
profPic.Image = img.GetThumbnailImage(127, 128, null, new IntPtr());
openFileDialog1.RestoreDirectory = true;
MessageBox.Show("Cannot upload image");
private void UpdateBtn_Click_1(object sender, EventArgs e)
string DOM = dateTimePicker1.Value.ToShortDateString();
if (namewarning.Visible == true || picError.Visible == true || PassError.Visible == true || emailwarningImg.Visible == true)
MessageBox.Show("Please correct the marked fields");
//cmd = new SqlCommand("update Register set (Name,Password,EmailId,Address,ContactNo,Logo,DOM) values('" + nameTxt.Text.Trim() + "','" + passTxt.Text.Trim() + "','" + emailTxt.Text.Trim() + "','" + addTxt.Text.Trim() + "','" + contTxt.Text.Trim() + "',@Logo,'" + DOM+ "')", con);
str = string.Format("update Register set Name='{0}', Password='{1}',EmailID='{2}',Address='{3}',ContactNo='{4}',Logo='{5}',DOU='{6}' where UserName='{7}'", nameTxt.Text.Trim(), passTxt.Text.Trim(), emailTxt.Text.Trim(),addTxt.Text.Trim(), contTxt.Text.Trim(), @"Logo" ,DOM,uNameTxt.Text);
cmd = new SqlCommand(str, con);
int count= cmd.ExecuteNonQuery();
if (count > 0)
MessageBox.Show("need to work");
void con_photo()
if (profPic.Image != null)
ms = new MemoryStream();
profPic.Image.Save(ms, ImageFormat.Jpeg);
byte[] photo_array = new byte[ms.Length];
ms.Position = 0;
ms.Read(photo_array, 0, photo_array.Length);
cmd.Parameters.AddWithValue("@Logo", photo_array);
when i run the application it executes very well and shows me success message but when i again try to view the update user form it shows below screenshot error
at retriveImg ()
Please help me with resolution for this..
You're not passing the image bytes to the UPDATE
command, but a string containing the word Logo
Also: PLEASE avoid creating SQL commands using string concatenation or String.Format
. Use parameterized queries instead!
Also: Do not use an NVARCHAR
field to store the image bytes (unless you create a BASE64 string from them first), but use a VARBINARY
column instead.
The problem is in the following line:
str = string.Format("update Register set ... ,Logo='{5}' ...", ..., @"Logo", ...);
As you can see, you're formatting a string, but you don't insert the bytes from the image, but the word "Logo".
Assuming the column Logo
was of type IMAGE
, I would write something like this:
byte[] photo_array = null;
if (profPic.Image != null)
MemoryStream ms = new MemoryStream();
profPic.Image.Save(ms, ImageFormat.Jpeg);
photo_array = ms.GetBuffer();
if (photo_array != null)
SqlCommand cmd = new SqlCommand("UPDATE Register SET Logo=@logo", connection);
cmd.Parameters.AddWithValue("@logo", imageBytes);