TSQL/VB.NET - 寫流表

Question

親愛的民俗就是我用下面的代碼，以圖片的字節送入流表：

Dim FirstColumnNames As String = imTable(0) & "_Code, " & imTable(0) & "_Price, " & imTable(0) & "_Title, " & imTable(0) & "_Type, " & imTable(0) & "_Height, " & imTable(0) & "_Width, " & imTable(0) & "_Comments " 
Dim FirstFieldsValues As String = "'" & imParam(1) & "', '" & imParam(2) & "', '" & imParam(0) & "', '" & imType.ToString & "', '" & imHeight & "', '" & imWidth & "', '" & imParam(3) & "' " 
RemoteSQLcmd = New SqlCommand("INSERT INTO " & imTable(0) & " (" & FirstColumnNames & ") VALUES (" & FirstFieldsValues & ") ", RemoteSQLConn, RemoteSQLtx) 
RemoteSQLcmd.ExecuteNonQuery() 
RemoteSQLcmd = New SqlCommand("SELECT * FROM " & imTable(0) & " WHERE " & imTable(0) & "_Code = " & "'" & imParam(1) & "'", RemoteSQLConn, RemoteSQLtx) 
AbsRecord = RemoteSQLcmd.ExecuteScalar 
Dim imGUID As Guid = Guid.NewGuid() 
Dim SecondColumnNames As String = imTable(1) & "_" & imTable(0) & "_ID , " & imTable(1) & "_GUID " 
Dim SecondFieldsValues As String = "'" & AbsRecord & "', '" & imGUID.ToString & "'" 
RemoteSQLcmd = New SqlCommand("INSERT INTO " & imTable(1) & " (" & SecondColumnNames & ") VALUES (" & SecondFieldsValues & ") ", RemoteSQLConn, RemoteSQLtx) 
RemoteSQLcmd.ExecuteNonQuery() 
RemoteSQLcmd = New SqlCommand("SELECT GET_FILESTREAM_TRANSACTION_CONTEXT() " & "FROM " & imTable(1) & " WHERE " & imTable(1) & "_" & imTable(0) & "_ID = " &AbsRecord, RemoteSQLConn, RemoteSQLtx) 
RemoteSQLcmd.Parameters.Add("@" & imTable(1) & "_GUID", SqlDbType.UniqueIdentifier).Value = imGUID 
Dim tokenObject As Object = RemoteSQLcmd.ExecuteScalar() 
tokenReader = RemoteSQLcmd.ExecuteReader(CommandBehavior.SingleRow) 
tokenReader.Read() 
filePathName = tokenReader.GetSqlString(1) 
fileToken = DirectCast(tokenReader(3), Byte()) 
tokenReader.Close() 
Dim sqlFile As SqlFileStream = New SqlFileStream(filePathName.Value, fileToken.Value, FileAccess.Write) 

的表有fllowing意象結構 那是第一個表：

myCommand = New SqlCommand("CREATE TABLE " & TablesStat(0, 0) & _ 
        " (" & TablesStat(0, 0) & "_ID int NOT NULL PRIMARY KEY IDENTITY(1,1), " & TablesStat(0, 0) & "_Code varchar(20) NULL, " & TablesStat(0, 0) & "_Price money NULL, " & TablesStat(0, 0) & "_Title varchar(50) NULL, " & TablesStat(0, 0) & "_Type sql_variant NULL, " & TablesStat(0, 0) & "_Height int NULL, " & TablesStat(0, 0) & "_Width int NULL, " & TablesStat(0, 0) & "_Comments nvarchar(MAX) NULL)", RemoteSQLConn) 
myCommand.ExecuteNonQuery() 

端的所述第二表是：

myCommand = New SqlCommand("CREATE TABLE " & TablesStat(1, 0) & _ 
    " (" & TablesStat(1, 0) & "_ID int NOT NULL PRIMARY KEY IDENTITY(1,1), " & TablesStat(1, 0) & "_GUID UNIQUEIDENTIFIER ROWGUIDCOL NOT NULL UNIQUE , " & TablesStat(1, 0) & "_" & TablesStat(0, 0) & "_ID int FOREIGN KEY REFERENCES " & TablesStat(0, 0) & " (" & TablesStat(0, 0) & "_ID) NOT NULL, " & TablesStat(1, 0) & "_Image varbinary(MAX) FILESTREAM NULL) ", RemoteSQLConn) 

myCommand.ExecuteNonQuery() 

我的問題來的時候我試圖讀取「filePathName」和「fileToken」 的privious SELECT GET_FILESTREAM ....返回我只有一個colomn讀它具有GUID以二進制格式 我知道我在做的colomn 0有些不對勁，但我不知道是什麼

我的問題是，我不是歌廳日「filePathName」和fileToken」

有沒有人來幫助我嗎？

---

外觀最大

我做了什麼，你告訴我，但沒有

RemoteSQLcmd = New SqlCommand("SELECT GET_FILESTREAM_TRANSACTION_CONTEXT()", RemoteSQLConn, RemoteSQLtx) 
Dim tokenObject As Object = RemoteSQLcmd.ExecuteScalar() 
tokenReader = RemoteSQLcmd.ExecuteReader(CommandBehavior.SingleRow) 
tokenReader.Read() 
fileToken = DirectCast(tokenReader(1), Byte()) 
filePathName = tokenReader.GetSqlString(3) 

和交易啓動這個命令的遠上

而且從來沒有停止

---

Dim imGUID As Guid = Guid.NewGuid() 
Dim imImage As Byte() = New Byte(imStream.Length) {} 
Dim bytesRead As Integer = imStream.Read(imImage, 0, imStream.Length) 
Dim SecondColumnNames As String = _ 
      imTable(1) & "_GUID, " & _ 
      imTable(1) & "_" & imTable(0) & "_ID" 
Dim SecondFieldsValues As String = "'" & imGUID.ToString & "', '" & AbsRecord & "'" 
RemoteSQLcmd = New SqlCommand("INSERT INTO " & imTable(1) & _ 
      " (" & SecondColumnNames & ") VALUES (" & SecondFieldsValues & ")", RemoteSQLConn, RemoteSQLtx) 
RemoteSQLcmd.Parameters.Add("@" & imTable(1) & "_GUID", SqlDbType.UniqueIdentifier).Value = imGUID 
    RemoteSQLcmd.Parameters.Add("@" & imTable(1) & "_Image", SqlDbType.Image).Value = imImage 
    RemoteSQLcmd.ExecuteNonQuery() 
    RemoteSQLcmd = New SqlCommand("SELECT GET_FILESTREAM_TRANSACTION_CONTEXT() FROM " & imTable(1), RemoteSQLConn, RemoteSQLtx) 
Dim tokenObject As Object = RemoteSQLcmd.ExecuteScalar() 
tokenReader = RemoteSQLcmd.ExecuteReader(CommandBehavior.SingleRow) 
tokenReader.Read() 

正如你所看到的我再次把FROM的克勞斯。

但是，請看看我的讀者

---

tokenReader.Depth 0

tokenReader.FieldCount 1

tokenReader.HasRows真我接受

tokenReader.IsClosed假

tokenReader.Item I爲了評估索引屬性，屬性必須是合格的，並且參數必須由用戶明確提供。

tokenReader.RecordsAffected -1

---

正如你可以在這裏看到我只有一個列讀取並沒有別的

我真的不知道，如果這是有用的，但無論如何，我把它有

tokenReader。VisibleFieldCount 1

Answer 1

MSDN said你應該

• 做到這一點內幕交易
• 做 「SELECT GET_FILESTREAM_TRANSACTION_CONTEXT（）」，沒有任何 「FROM TABLE」

---

有在Working with FILESTREAM using VB .NET By Yan Pan樣本：

' Obtain a transaction context. All FILESTREAM BLOB operations occur ' 
' within a transaction context to maintain data consistency. ' 
Dim transaction As SqlTransaction = 
    sqlConnection.BeginTransaction("mainTranaction") 
sqlCommand.Transaction = transaction 
sqlCommand.CommandText = "SELECT GET_FILESTREAM_TRANSACTION_CONTEXT()" 
Dim obj As Object = sqlCommand.ExecuteScalar() 
Dim txContext As Byte() = Nothing 
If Not obj.Equals(DBNull.Value) Then 
    txContext = DirectCast(obj, Byte()) 
Else 
    Throw New System.Exception("GET_FILESTREAM_TRANSACTION_CONTEXT() failed") 
End If 

' Obtain a handle that can be passed to the Win32 FILE APIs. ' 
Dim sqlFileStream As New SqlFileStream(filePath, txContext, FileAccess.Write) 

' Converting the image to a byte array. ' 
' Please change C:\Spire.jpg to your image file path. ' 
Dim byteImg As Byte() 
byteImg = File.ReadAllBytes("C:\Spire.jpg") 
'Write the image file to the FILESTREAM BLOB. ' 
sqlFileStream.Write(byteImg, 0, byteImg.Length) 

' Close the FILESTREAM handle. ' 
sqlFileStream.Close() 

' Commit the write operation that was performed on the FILESTREAM BLOB. ' 
sqlCommand.Transaction.Commit() 

嘗試根據樣本更改代碼：

• 文件路徑變量打開文件交易前開始
• 有一個簡單的「SELECT GET_FILESTREAM_TRANSACTION_CONTEXT（）」的文件上下文命令
• 有一個空檢查和DirectCast（OBJ，字節（））投值轉換成字節
• 不知道這是否作出區別，但SqlFileStream與txContext打開，不txContext.Value

UPDATE
我如何理解這個問題：

filePathName - 從那裏我們將打開FILESTREAM文件名。這個值應該從某個表的某個字段中選擇。如果您不知道[table]。[field]是什麼，請參閱db表值的內部並找到保存文件路徑的位置。

fileToken - FILESTREAM事務上下文。應該在單獨的命令執行中被選中，並且被轉換爲Byte。

---

SQL Injections意味着，當你做這樣的事情

RemoteSQLcmd = New SqlCommand("SELECT * FROM " & imTable(0) & " WHERE " 
    & imTable(0) & "_Code = " & "'" & imParam(1) 
    & "'", RemoteSQLConn, RemoteSQLtx) 

在代碼隱藏和imParam是一個URL參數值比別人可能會起到不好的笑話，你把「'; DROP TABLE用戶;」它可以分解爲

SELECT * FROM table WHERE table_Code = ''; DROP TABLE users;