denmarkstan 0 Junior Poster in Training

please help me here.

My code:

Partial Class Create_staff
    Inherits System.Web.UI.Page

    Protected Sub btnUpload_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnUpload.Click
        Dim connection As SqlConnection = Nothing
        Try
            Dim img As FileUpload = CType(imgUpload, FileUpload)
            Dim imgByte As Byte() = Nothing
            If img.HasFile AndAlso Not img.PostedFile Is Nothing Then
                'To create a PostedFile
                Dim File As HttpPostedFile = imgUpload.PostedFile
                'Create byte Array with file len
                imgByte = New Byte(File.ContentLength - 1) {}
                'force the control to load data in array
                File.InputStream.Read(imgByte, 0, File.ContentLength)
            End If
            ' Insert the employee name and image into db
            Dim conn As String = ConfigurationManager.ConnectionStrings("localConnectionString").ConnectionString
            connection = New SqlConnection(conn)

            connection.Open()
            Dim sql As String = "INSERT INTO StaffData(Title,FirstName,SecondName,Gender,ClassTeaching,PhoneNumber,TeachingLevel,Salary,Passport) VALUES(@Title,@FirstName,@SecondName,@Gender,@ClassTeaching,@PhoneNumber,@TeachingLevel,@Salary,@Passport) SELECT @@IDENTITY"
            Dim cmd As SqlCommand = New SqlCommand(sql, connection)
            cmd.Parameters.AddWithValue("@Title", txtTitle.Text.Trim())
            cmd.Parameters.AddWithValue("@FirstName", txtFirstName.Text.Trim())
            cmd.Parameters.AddWithValue("@SecondName", txtSecondName.Text.Trim())
            cmd.Parameters.AddWithValue("@Gender", txtGender.Text.Trim())
            cmd.Parameters.AddWithValue("@ClassTeaching", txtClassTeaching.Text.Trim())
            cmd.Parameters.AddWithValue("@PhoneNumber", txtPhoneNumber.Text.Trim())
            cmd.Parameters.AddWithValue("@TeachingLevel", txtTeachingLevel.Text.Trim())
            cmd.Parameters.AddWithValue("@Salary", txtSalary.Text.Trim())
            cmd.Parameters.AddWithValue("@Passport", imgByte)
            Dim ID As Integer = Convert.ToInt32(cmd.ExecuteScalar())
            Image1.ImageUrl = "~/ShowImage.ashx?ID=" + ID
            
        Catch
            MessageBox.Show(ErrorToString())

        Finally
            connection.Close()
            lblResult.Text = "You have successfully uploaded a staff record for" + " " + txtTitle.Text.ToString() + " " + txtFirstName.Text.ToString()

        End Try
    End Sub


End Class


public class Handler : IHttpHandler {
    SqlConnection connection = null;
    string conn = ConfigurationManager.ConnectionStrings["localConnectionString"].ConnectionString;
    

    public void ProcessRequest (HttpContext context) 
    {
        int passportregno;
        if (context.Request.QueryString["ID"] != null)
            passportregno = Convert.ToInt32(context.Request.QueryString["ID"]);
        else
            throw new ArgumentException("Incorrect Staff ID!");
        context.Response.ContentType = "image/jpeg";
        Stream strm = DisplayImage(passportregno);
        byte[] buffer = new byte[9096];
        int byteSeq = strm.Read(buffer, 0, 9096);

        while (byteSeq > 0)
        {
            context.Response.OutputStream.Write(buffer, 0, byteSeq);
            byteSeq = strm.Read(buffer, 0, 9096);
        }
        
    }
    public Stream DisplayImage(int passportregno)
    {
        string conn = ConfigurationManager.ConnectionStrings["localConnectionString"].ConnectionString;
        connection = new SqlConnection(conn);
        string sql = "SELECT Passport FROM StaffData WHERE ID = @ID";
        SqlCommand cmd = new SqlCommand(sql, connection);
        cmd.CommandType = CommandType.Text;
        cmd.Parameters.AddWithValue("@ID", passportregno);
        connection.Open();
        object theImg = cmd.ExecuteScalar();
        try
        {
            return new MemoryStream((byte[])theImg);
        }
        catch
        {
            return null;
        }
        finally
        {
            connection.Close();
        }
    } 
 
    public bool IsReusable {
        get {
            return false;
        }
    }

}