Save PictureBox with public sub module

[MADA BLACK]

Hello evey one
Please Gentelman
If you can help me to resolve this problem
My Table ( Table1 )
Fields : Id Type numeric Primary key - Firstname Type Text - Secondname Type Text - AgeYear Type Numeric - Emp_Logo Type Objet Ole
I want make many public sub for add - edit - delete record with database Access
All works very well without image ( PictureBox1 ) .. I want to make a public sub for save PictureBox1 and it use it in all my Forms .
My probleme when i want to save PictureBox1 i got this :
Message error ( no value given for one or more of the required parameters )
This is my code in Module 1:

Code:

    Public Sub Load_Data_From_Database(Sql_String As String, dtg As DataGridView)
        Dim da As New OleDbDataAdapter
        Dim dt As New DataTable
        Try
            Dim cmd = New OleDbCommand
            cmd = New OleDbCommand
            With cmd
                .Connection = Conne
                .CommandText = Sql_String
            End With
            da.SelectCommand = cmd
            da.Fill(dt)
            dtg.DataSource = dt
            dtg.AutoSizeRowsMode = DataGridViewAutoSizeRowsMode.AllCells
        Catch ex As Exception
            MsgBox(ex.Message)
        Finally
            Conne.Close()
            da.Dispose()
        End Try
    End Sub
    Public Sub Save_Update_Delete_Data_In_Database(Sql_String As String)
        Try
            Conne.Open()
            Dim Result As Integer
            Dim cmd = New OleDbCommand
            With cmd
                .Connection = Conne
                .CommandText = Sql_String
                Result = .ExecuteNonQuery()
            End With
            If Result > 0 Then
                MessageBox.Show("Operation Terminee avec succees", "Notify", MessageBoxButtons.OK, MessageBoxIcon.Information)
            End If
        Catch ex As Exception
            MsgBox(ex.Message)
        Finally
            Conne.Close()
        End Try
    End Sub

In my Form1 :

Code:

   
Imports System.Data.OleDb
Imports System.IO
Imports System.Drawing.Imaging
Public Class Form1
 Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load

    Call Retrieve_Data_From_Database()

    End Sub
    Private Sub Retrieve_Data_From_Database()

        Dim Sql_String As String = "SELECT * From Table1"
        Call Load_Data_From_Database(Sql_String, DataGridView1)

    End Sub
 Private Sub Button2_Click(sender As Object, e As EventArgs) Handles Button2.Click

        Dim Sql_String As String = "INSERT INTO Table1 ( Id , FirstName , Secondname , AgeYear , Emp_Logo) VALUES ( '" & TextBox1.Text & "' ,'" & TextBox2.Text & "' , '" & TextBox3.Text & "' , '" & TextBox4.Text & "' , @Emp_Logo)"
        Call Save_Update_Delete_Data_In_Database(Sql_String)
        Call Retrieve_Data_From_Database()

        TextBox1.Clear()
        TextBox2.Clear()
        TextBox3.Clear()
        TextBox4.Clear()

        Button1.Enabled = True
        Button2.Enabled = False
        Button3.Enabled = True
        Button4.Enabled = True

    End Sub
    Private Sub Button3_Click(sender As Object, e As EventArgs) Handles Button3.Click

        Dim Sql_String As String = "UPDATE  Table1 SET FirstName='" & TextBox2.Text & "' , Secondname='" & TextBox3.Text & "' , AgeYear='" & TextBox4.Text & "' ,  Emp_Logo= @Emp_Logo Where Id=" & DataGridView1.CurrentRow.Cells(0).Value
        Call Save_Update_Delete_Data_In_Database(Sql_String)
        Call Retrieve_Data_From_Database()

        TextBox1.Clear()
        TextBox2.Clear()
        TextBox3.Clear()
        TextBox4.Clear()

    End Sub
    Private Sub Button4_Click(sender As Object, e As EventArgs) Handles Button4.Click

        Dim Sql_String As String = "DELETE From Table1 Where Id=" & DataGridView1.CurrentRow.Cells(0).Value

        Call Save_Update_Delete_Data_In_Database(Sql_String)
        Call Retrieve_Data_From_Database()

    End Sub
    Private Sub DataGridView1_SelectionChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles DataGridView1.SelectionChanged

        Try
            If DataGridView1.Rows.Count = 0 Then Exit Sub
            Using InfoAdapter As New OleDbDataAdapter("SELECT * From Table1 Where Id=" & DataGridView1.CurrentRow.Cells(0).Value & "", Conne)
                Dim InfoTable As New DataTable
                InfoAdapter.Fill(InfoTable)
                Me.TextBox1.Text = InfoTable(0)(0)
                Me.TextBox2.Text = InfoTable(0)(1)
                Me.TextBox3.Text = InfoTable(0)(2)
                Me.TextBox4.Text = InfoTable(0)(3)

                Dim arrImage() As Byte
                arrImage = DataGridView1.CurrentRow.Cells(4).Value
                Dim mstream As New System.IO.MemoryStream(arrImage)
                PictureBox1.Image = Image.FromStream(mstream)
                PictureBox1.SizeMode = PictureBoxSizeMode.StretchImage

            End Using
        Catch ex As Exception
            Return
        End Try

    End Sub
    Private Sub Button11_Click(sender As Object, e As EventArgs) Handles Button11.Click
        Try
            With OpenFileDialog1
                .CheckFileExists = True
                .CheckPathExists = True
                .DefaultExt = "jpg"
                .DereferenceLinks = True
                .FileName = ""
                .Filter = "(*.jpg)|*.jpg|(*.png)|*.png|(*.jpg)|*.jpg|All files|*.*"
                .Multiselect = False
                .RestoreDirectory = True
                .Title = "Select a file to open"
                .ValidateNames = True
                If .ShowDialog = DialogResult.OK Then
                    Try
                        PictureBox1.Image = Image.FromFile(OpenFileDialog1.FileName)
                    Catch fileException As Exception
                        Throw fileException
                    End Try
                End If
            End With
        Catch ex As Exception
            MsgBox(ex.Message, MsgBoxStyle.Exclamation, Me.Text)
        End Try
    End Sub
    Private Sub Save_Image_In_Database(Sql_String As String)
        Dim arrImage() As Byte
        Dim mstream As New System.IO.MemoryStream()
        Try
            PictureBox1.Image.Save(mstream, System.Drawing.Imaging.ImageFormat.Jpeg)
            arrImage = mstream.GetBuffer()
            Dim FileSize As UInt32
            FileSize = mstream.Length
            mstream.Close()
            Conne.Open()
            Dim InfoCommand = New OleDbCommand
            With InfoCommand
                .Connection = Conne
                .CommandText = Sql_String
                .Parameters.AddWithValue("@Emp_Logo", arrImage)
                .ExecuteNonQuery()
            End With
        Catch ex As Exception
            MsgBox(ex.Message)
        Finally
            Conne.Close()
        End Try
    End Sub
End Class

Thank you in advance for help
Cordially
MADA

[jmcilhinney]

You need to first learn how to use parameters in ADO.NET. You're half doing it for the Image but not doing it at all for any of the other values. Do it fully for ALL values. Follow the Blog link in my signature below and check out my post on Parameters In ADO.NET. Change your code to use parameters for ALL values you want to send to the database and then, if it still doesn't work, post back and show us the new code.

Also, don't just post all your code. It means that we have to waste time wading through it to work out what part of it relates to the issue you're asking about. You need to work out, to the best of your ability, what part of the code is relevant and then post that.

Finally, you really ought to stop accepting default names for controls, e.g. Button1 and TextBox1, and put some thought into what they are for and name them accordingly.

[MADA BLACK]

Thanks very much jmcilhinney for the advice .. but everything works fine without parmeters except the image recording in my database .. I want to continue with this code for the image too .. Cordially

[jmcilhinney]

If you want to do it the wrong way then suffer the consequences. You deserve what you get. There's a right way to do it. Do it.

[jmcilhinney]

You basically have no choice but to use parameters with an Image because the binary data can't be represented as text (unless you can use base-64, which I don't think you can. If you're going to use a parameter for an Image then you may as well do it for the other values but you should be anyway. There are a number of reasons to do so. For instance, if someone has the surname O'Brien then your app is going to crash. Well done! Another is that, in some circumstances, a malicious user could delete all the data in your database. Well done again! If you're too lazy to do it the right way then, as I said, you deserve what you get. The information is there if you care to use it but I'm not going to waste any more of my time on this.

Correction: your app won't crash on O'Brien because you have exception handling but it won't work as intended, so you'd have to change the code to work by either doing the right thing and using parameters or using a dodgy workaround that still leaves you open to all the other issues.

[Shaggy Hiker]

What John is referring to is that doing queries the way you are, where you concatenate in user supplied strings, leaves you open to SQL Injection attacks. Additionally, you can run into formatting issues with that approach, but that's probably a lesser issue. After all, if you get the formatting wrong, it'll just fail, whereas with a SQL Injection attack, a malicious person could erase your database.

Now, it may be that you aren't concerned about that. Perhaps this will only be used internally by just you, or by just a handful of people who won't be interested in causing havoc, but it's a bad habit to be getting into. Perhaps some day you'd use that on a public facing program, and...poof...your database disappears.

EDIT: Yeah, but you DID spend more time on this, while I was spending some time on this. Now I just look redundant.