"Parameter Not valid" Error in VB.NET While retrive image to picturebox from ms access database

Question

I use the following code in VB.NET to retrieve particular user image from MS ACCESS database with the image field of type OLE OBJECT

                 Dim strSql As String = ""
                'For Image
                strSql = "Select pic from emp_tb WHERE userid='" + textbox1.Text + "'"

                Dim sqlCmd As New OleDbCommand(strSql, con)

                'Get image data from DB
                Dim imageData As Byte() = DirectCast(sqlCmd.ExecuteScalar(), Byte())

                'Initialize image variable 
                Dim newImage As Image = Nothing

                If Not imageData Is Nothing Then
                    'Read image data into a memory stream 
                    Using ms As New MemoryStream(imageData, 0, imageData.Length)
                        ms.Write(imageData, 0, imageData.Length)
                        'Set image variable value using memory stream. 
                        newImage = Image.FromStream(ms, True)

                    End Using

                End If

I retrieve it to a picture box by

picturebox1.image=newImage

my Error:

line number 300 is

newImage = Image.FromStream(ms, True)

But I get the error message as "Perameter not valid".Please help me how can i use parameter for avoid sql injection and also how to solve this error........

Answer 1

this is my database ms access 2007

Answer 2

com.CommandText = "Select * from [Admin_House_Head_Boy] where HouseID=" & HouseID.Text
            Dim dr As OleDbDataReader = com.ExecuteReader()
            dr.Read()
            If dr.HasRows Then
               Dim data As Byte() = DirectCast(dr("Stud_Pic"), Byte())
                Dim ms As New MemoryStream(data)
                PictureBox1.Image = Image.FromStream(ms, True)
            Else
                MsgBox("Record not found")
            End If

please solve this error : "Parameter is not valid."

Answer 3

RE: "Parameter not valid" error when trying to load image

Open the database file in Access, then open the table containing the images you want to display.

• If the image column shows the description Long binary data then the images have been saved as raw binary data (sometimes referred to as a "BLOB") and you should be able to use your existing code (or something very close to it) to populate the PictureBox.

• However, if the image column displays a description like "Bitmap Image" or "Package" then the images have been stored as OLE embedded objects. If you extract the raw binary data (as your code does) and try to directly convert that to an image you will receive errors because the binary data includes the OLE "wrapper" that surrounds the actual image data. (For more details see my answer here.)

There have been many, many discussions about how to remove the OLE "wrapper" and retrieve the raw image data, but unfortunately OLE is very convoluted and (apparently) not particularly well-documented. After reading dozens of threads the consensus seems to be:

1. If you want to store and retrieve images from within Access itself then just let Access "do its thing" and deal with all of the OLE complexities for you.

2. If you will be retrieving images from any other application then make sure that you store the images as raw binary data (i.e., do not save the images from within Access itself).

3. Trying to cover both of the above usage cases can be a real nuisance. It is best just to stick with one.

4. If you need to extract OLE "wrapped" objects from an Access database then Stephen Lebans' OLEtoDisk utility could prove to be extremely useful.

RE: Using a parameterized query to protect against SQL Injection (and other headaches)

That's easy. Just change your code to...

strSql = "Select pic from emp_tb WHERE userid=?"

Dim sqlCmd As New OleDbCommand(strSql, con)
sqlCmd.Parameters.AddWithValue("?", textbox1.Text)

'Get image data from DB
Dim imageData As Byte() = DirectCast(sqlCmd.ExecuteScalar(), Byte())