I have a code of c# who simply insert data into database i have code that contains abyte data but runtime it insert query display the system.byte[] instead of byte data

private void showData_Click(object sender, EventArgs e)
            String FileType;
            String PictureName;
            for (int i = 0; i <= files.Length - 1; i++)
                if (files[i] == null)
                    MessageBox.Show("Now Null Array is Startyeed");
                    FileType = MimeType(files[i]);
                    PictureName = FileName(files[i]);
                    byte[] PictureBinary = File.ReadAllBytes(files[i]);

                    UpdateDatabase(PictureName, PictureBinary, FileType);
 private void UpdateDatabase(string pname,byte[] pict,string extension) {
            SqlConnection conn;
            string query = @"SELECT ProductId,Id From ProductVariant WHERE PictureName = 'adtran/" + pname + "'";
            conn = new SqlConnection("Data Source=ACCSOFTA005\\ACCSOFTA005G;Initial Catalog=webstoreDB;User ID=sa;Password=sa");
            SqlCommand cmd = new SqlCommand(query, conn);
            //SqlDataReader Dr = new SqlDataReader(query);
            SqlDataReader Dr = cmd.ExecuteReader();
            if (Dr.HasRows)
                    int ProductId = Dr.GetInt32(0);
                    int Id = Dr.GetInt32(1);
                // Insert New Image into the Picture Table and Get PictureId from that Particular Image
                // 21-11-2011 [MUBUSHER ASLAM]
                string InsertPictureQuery = "INSERT INTO Picture (PictureBinary,MimeType,IsNew) Values (" + pict + ",'" + extension +"',1);" + "Select Scope_Identity()";
                int LastId = GetLastInsertedId(InsertPictureQuery);

in line number 46
pict is a byte data type when its execute query so its message display:

An object or column name is missing or empty. For SELECT INTO statments, 
verify each column has a name. For other statments, look for empty alias names.
Aliases defined as "" or[] are not allowed. change the alias to a valid name.
Incorrect syntax near ".

Edited 5 Years Ago by Mubusher: n/a

You have to use Parameters (prepare).

conn = new SqlConnection("Data Source=ACCSOFTA005\\ACCSOFTA005G;Initial Catalog=webstoreDB;User ID=sa;Password=sa");
 string sql="INSERT INTO Picture (PictureBinary,MimeType,IsNew) Values (@PictureBinary,@MimeType,@IsNew)";
 SqlCommand cmd = new SqlCommand(sql, conn);
This article has been dead for over six months. Start a new discussion instead.