Article Title-Working with images in Visual Studio .Net And SQL Server Database.

Page Title- An introduction to work with images in Dot Net application using SQL Server.
Section Heading - Usage of images in .Net applications. Some applications be it desktop or web at times require working with images. Aptly speaking the good paradigm is banking applications. Withdrawal of amount from bank accounts requires signature verification of the account holder. Normally specimen signatures of customers are archived as images in such applications. There can be couple of work around to store images. One is typically tag each image a unique identifier and save the image at a physical location accessible by the application. Store that unique identifier and the physical absolute/relative path in a database table. Now when the application looks in for a given identifier from database table then the path against the identifier can be pulled from the table and use that path in any image control to display the image. A little tweak in the approach renders more scalability, dependability and boost applications security with playing around images. In second approach images can be stored in database in bytes, assigning each images with a unique identifier. For a quick tour of this approach we can use SQL Server database and a .Net application Lets discuss the advantages of the later approach than that of the previous one. Storing images in byte format in database enforce security and let the application implement access privileges to users of the images. The database administrator can manage read-only/write permission to database table once images are stored. This approach prevents user to interact with physical image file and does not require file read write permission to a specific directory on the file system and reduce the burden on FILE I/O.

Steps to build a demo application for storing/retrieving images. Step 1: Verify SQL Server 7/2000 is installed on the machine Create table tblImgData, stored procedure rkReadPicture, rkInsertPicture in pubs database and if the SQL Server version is 2000 and above then allow execute permission to two stored procedures. The SQL scripts for these database objects have been provided in the application folder. Step 2: Unzip the zip file and open the solution file in VS 2003 and run the application. For the first time the table tblImgData will be blank. Now enter a ID and name for the image in the given input on the windows form and select a image from the image folder available in the application folder and click on button Save new image to database. The code in routine btnSave_Click()insert the image to table in byte format.

Code snippet: private void btnSave_Click(object sender, System.EventArgs e) { if(strFn != null && ID.Text != "") { this.pictureBox1.Image=Image.FromFile(strFn); FileInfo fiImage=new FileInfo(strFn); this.lImageFileLength=fiImage.Length; FileStream fs=new FileStream(strFn,FileMode.Open, FileAccess.Read,FileShare.Read); barrImg=new byte[Convert.ToInt32(this.lImageFileLength)]; int iBytesRead = fs.Read(barrImg,0, Convert.ToInt32(this.lImageFileLength)); fs.Close(); //Note:rkInsertPicture is the stored procedure used in pubs database //the script of this sp is available file rkReadPicture.sql SqlCommand cmdInsert = new SqlCommand("rkInsertPicture", con); cmdInsert.CommandType = CommandType.StoredProcedure; cmdInsert.Parameters.Add("@ID", System.Data.SqlDbType.Int,4); cmdInsert.Parameters.Add("@Name", System.Data.SqlDbType.VarChar,50); cmdInsert.Parameters.Add("@Picture", System.Data.SqlDbType.Image); cmdInsert.Parameters["@ID"].Value=this.ID.Text; cmdInsert.Parameters["@Name"].Value=this.txtName.Text; cmdInsert.Parameters["@Picture"].Value=this.barrImg; cmdInsert.Connection=con; int iresult=cmdInsert.ExecuteNonQuery(); } else { MessageBox.Show("Check ID and Name, these two cannot be blank"); }

} Step 3:

In order to view and verify the image enter the ID in the provided textbox in form and click on button Show Image, this will read the byte stored in database table, convert to image and display on the form. Code snippet: private void btnShowImage_Click(object sender, System.EventArgs e) { label3.Text = ""; this.pictureBox1.Visible=true; try { SqlCommand cmdsp = new SqlCommand("rkReadPicture", con); cmdsp.CommandType = CommandType.StoredProcedure; cmdsp.Parameters.Add("@ID",SqlDbType.Int,4);

if(this.ID.Text !="") { cmdsp.Parameters["@ID"].Value = this.ID.Text; cmdsp.Connection = con; SqlDataAdapter da=new SqlDataAdapter(cmdsp); DataSet ds = new DataSet(); da.Fill(ds,"tblImgData"); foreach(DataRow row in ds.Tables["tblImgData"].Rows) { label3.Text=row[1].ToString(); } byte[] barrImg=(byte[])cmdsp.ExecuteScalar(); string strfn=Convert.ToString(DateTime.Now.ToFileTime()); try {

} catch(Exception exp) { this.pictureBox1.Visible=false; MessageBox.Show("No records found for the given ID " +ID.Text); } finally { } } else { MessageBox.Show("Enter a ID which is integer type for the search"); } } catch(Exception exp1) { MessageBox.Show(exp1.ToString()); } } There is some definite purpose of using stored procedure in this application. Stored procedures enhance security. The permissions to execute a stored procedure can be granted, denied, or revoked on the data objects. Here is a code snip which tells how to grant permissions. -- grant select permission on the tblImgData table to specific user account. -- role GRANT SELECT ON tblImgData TO XXXXXX GO

FileStream fs=new FileStream(strfn, FileMode.CreateNew, FileAccess.Write); fs.Write(barrImg,0,barrImg.Length); fs.Flush(); fs.Close(); pictureBox1.Image=Image.FromFile(strfn);

-- deny UPDATE, DELETE and INSERT permissions DENY UPDATE, DELETE, INSERT ON tblImgData TO XXXXXX GO Notes: Validation have not been implemented on the application. This might be implemented as per requirement. In order to save space the entire code is not furnished here. The entire code may be viewed from the application. Download code in zip format from the following link: Request-create a download link for the application This is how we work with images and enforce better security on signature verification on any commercial application.