
How to store and retrieve (.doc / .docx / .pdf) files in a SQL Server database in VB.NET 2008

Updated: 2023-01-30 17:18:02


The first thing to do is to change the way you are saving the data: there are two problems with your insert statement.

The first is that you should explicitly list the fields into which you want to save the data - anonymous entry relies on your DB not changing in the future.

sqltxt = "insert into test values('" & TextBox1.Text & "',@fdoc)"





Becomes:

sqltxt = "insert into test (fileName, fileData) values('" & TextBox1.Text & "',@fdoc)"








The second is that you really, really, should use the parametrized query you are setting up to specify the text as well - passing the TextBox content by string concatenation is opening your database up for an accidental or deliberate SQL injection attack. You are passing the file data as a parameter, so why not pass the TextBox content as well?

To retrieve it is exactly the same process you use for any other database access:

' Requires "Imports System.Data.SqlClient" at the top of the file.
Using con As New SqlConnection(strConnect)
	con.Open()
	' Name the columns explicitly, as in the insert
	Using com As New SqlCommand("SELECT fileName, fileData FROM test", con)
		Using reader As SqlDataReader = com.ExecuteReader()
			While reader.Read()
				' One row per stored file: its name and its raw bytes
				Dim fileName As String = DirectCast(reader("fileName"), String)
				Dim fileData As Byte() = DirectCast(reader("fileData"), Byte())
				' ...
			End While
		End Using
	End Using
End Using
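
The insert with both values passed as parameters, as the answer recommends, plus a lookup by name that goes slightly beyond it. This is an added example, not code from the original answer. The `@fname` parameter, the `FileStore` module, the function names and the column types are assumptions; `test`, `fileName`, `fileData`, `@fdoc` and `strConnect` come from the page.

```vbnet
Imports System.Data
Imports System.Data.SqlClient
Imports System.IO

' Added example. Assumed schema (not shown on the page):
'   test(fileName NVARCHAR(260) NOT NULL, fileData VARBINARY(MAX) NOT NULL)
Module FileStore
    ' Inserts one file. Both values are bound as typed parameters, so a name
    ' such as O'Brien.docx is stored as data and never parsed as SQL.
    Public Function SaveFile(ByVal strConnect As String, ByVal sourcePath As String) As Integer
        Dim fileData As Byte() = File.ReadAllBytes(sourcePath)
        Dim fileName As String = Path.GetFileName(sourcePath) ' leaf name only
        Const sqltxt As String = "INSERT INTO test (fileName, fileData) VALUES (@fname, @fdoc)"
        Using con As New SqlConnection(strConnect)
            con.Open()
            Using com As New SqlCommand(sqltxt, con)
                com.Parameters.Add("@fname", SqlDbType.NVarChar, 260).Value = fileName
                ' Size -1 declares the parameter as VARBINARY(MAX)
                com.Parameters.Add("@fdoc", SqlDbType.VarBinary, -1).Value = fileData
                Return com.ExecuteNonQuery() ' rows affected, 1 on success
            End Using
        End Using
    End Function

    ' Returns the stored bytes for fileName, or Nothing when no row matches.
    Public Function LoadFile(ByVal strConnect As String, ByVal fileName As String) As Byte()
        Const sqltxt As String = "SELECT fileData FROM test WHERE fileName = @fname"
        Using con As New SqlConnection(strConnect)
            con.Open()
            Using com As New SqlCommand(sqltxt, con)
                com.Parameters.Add("@fname", SqlDbType.NVarChar, 260).Value = fileName
                Using reader As SqlDataReader = com.ExecuteReader()
                    If reader.Read() AndAlso Not reader.IsDBNull(0) Then
                        Return DirectCast(reader(0), Byte())
                    End If
                    Return Nothing
                End Using
            End Using
        End Using
    End Function
End Module
```

In the form from the question, the call would be `FileStore.SaveFile(strConnect, TextBox1.Text)` if the text box holds the path of the file to store.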