You don't read any data from your DB at all!
Or rather, you do - badly - but you then ignore or discard it.
For starters, don't use ExecuteNonQuery with a SELECT command - a SELECT is by definition a Query! You need an ExecuteScalar or more likely ExecuteReader, or to use a DataAdapter instead.
Second, never concatenate strings to build a SQL command. It leaves you wide open to an accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
Third, you ignore any data you might have read and always create your image from the same row and cell of your DataGridView.
I think you need to walk away, have a chat or a cup of coffee with someone, then come back and look again at that whole code, because there isn't a lot there that looks like you want to keep it.
Quote:
I fixed the code where I can get images and place them in SQL into a single table like you told me to. I even made an ImageID and regular ID column. I am just trying to figure this last part out and that will get this one portion of my program completed. Anyway, I have never used an ExecuteScalar or ExecuteReader so far. When you say concatenate, do you mean the "'"?
Concatenation is the process of "adding strings together" - and in SQL terms, it's extremely dangerous.
When you do something like this:
Dim sql As String = "SELECT Images FROM [Table] WHERE ImageID= '" + DataGridView1.Rows(I).Cells(2).Value.ToString + "'"
You are concatenating three strings: the beginning with the SELECT, the content of a cell, and a trailing quote. That works, but only if the content is exactly what you think it is, and that's dangerous. If the cell is modified to contain
1';DROP TABLE Images;--
for example, then SQL gets the command:
SELECT Images FROM [Table] WHERE ImageID= '1';DROP TABLE Images;
Which is completely valid SQL: it's three commands. The first selects your data, the second deletes your table, and the third comments out anything after that.
That's called SQL Injection and it's not a joke:
xkcd: Exploits of a Mom - people do try this. The 2011 UK census was the first you could complete online, and within half an hour of it going live people were complaining because SQL Injection didn't work!
It can be used to alter, delete, or read your DB; or to bypass password checking, or anything else the user wants to do that you would probably much rather he didn't...
Never, ever, concatenate SQL commands - always use parameterised queries.
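The parameterised form of the query discussed above, read with ExecuteScalar, as an added example that is not the original poster's code. It assumes ImageID is an int column and Images holds binary data; the module name, function name and connection string are placeholders.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module ImageLookup
    ' Assumption: placeholder connection string, replace with your own.
    Private Const ConnectionString As String =
        "Server=YOUR_SERVER;Database=YOUR_DB;Integrated Security=True"

    ' Returns the image bytes for one row, or Nothing if there is no match.
    ' Typical call: LoadImageBytes(DataGridView1.Rows(I).Cells(2).Value)
    Public Function LoadImageBytes(cellValue As Object) As Byte()
        ' Validate first: anything that is not a whole number is rejected
        ' before it gets near the database.
        Dim imageId As Integer
        If cellValue Is Nothing OrElse
           Not Integer.TryParse(cellValue.ToString(), imageId) Then
            Return Nothing
        End If

        ' The SQL text is a constant. The value travels separately as a typed
        ' parameter, so a cell containing 1';DROP TABLE Images;-- is only
        ' ever treated as data, never as SQL.
        Const sql As String =
            "SELECT Images FROM [Table] WHERE ImageID = @ImageID"

        Using conn As New SqlConnection(ConnectionString)
            Using cmd As New SqlCommand(sql, conn)
                cmd.Parameters.Add("@ImageID", SqlDbType.Int).Value = imageId
                conn.Open()

                ' ExecuteScalar returns the first column of the first row,
                ' Nothing when no row matched, DBNull when the column is NULL.
                Dim result As Object = cmd.ExecuteScalar()
                If result Is Nothing OrElse result Is DBNull.Value Then
                    Return Nothing
                End If
                Return DirectCast(result, Byte())
            End Using
        End Using
    End Function
End Module
```

If ImageID is actually a text column, drop the Integer.TryParse step and add the parameter as SqlDbType.NVarChar with an explicit length; the SQL text stays unchanged.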