ITHelper80

ASP.Net File upload control limit file extensions

How can I limit the type of files that are allowed to be uploaded using the code below?
Imports System.IO
Partial Class _Default
    Inherits System.Web.UI.Page
    Protected Sub btnSubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnSubmit.Click
 
        Dim con As New System.Data.OleDb.OleDbConnection
        Dim myPath As String
 
 
        myPath = Server.MapPath("App_Data/BestPractices.mdb")
        con.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0; Data source=" & myPath & ";"
 
        Dim insCmd As New System.Data.OleDb.OleDbCommand
 
        'insCmd.CommandText = "insert into Data (Import_Export,Location,Descp,Cont,Share_MDY) values('" & ddType.SelectedValue & "','" & Replace(txtLocation.Text, "'", "''") & "','" & Replace(txtDescription.Text, "'", "''") & "','" & Replace(txtContact.Text, "'", "''") & "',#" & StartDatetxt.Text & "#)"
 
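        ' Parameterised insert: form values are bound, not concatenated into the SQL text.
        ' OleDb binds parameters by position, so add them in column order.
        insCmd.CommandText = "insert into Data (Import_Export,Location,Descp,Contact,Share_MDY) values (?,?,?,?,?)"
        insCmd.Parameters.AddWithValue("@Import_Export", ddType.SelectedValue)
        insCmd.Parameters.AddWithValue("@Location", txtLocation.Text)
        insCmd.Parameters.AddWithValue("@Descp", txtDescription.Text)
        insCmd.Parameters.AddWithValue("@Contact", txtContact.Text)
        insCmd.Parameters.AddWithValue("@Share_MDY", CDate(StartDatetxt.Text))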
 
 
 
        insCmd.Connection = con
 
        Dim idCmd As New System.Data.OleDb.OleDbCommand
 
        idCmd.Connection = con
        con.Open()
        insCmd.ExecuteNonQuery()
        con.Close()
 
 
        Dim strStatusMessage As String = ""
 
        Try
            Dim hfc As HttpFileCollection = Request.Files
 
            For i As Integer = 0 To hfc.Count - 1
 
                Dim hpf As HttpPostedFile = hfc(i)
 
 
                If hpf.ContentLength > 0 Then
 
                    If Not File.Exists(Server.MapPath("~/uploads/") & "\" & Path.GetFileName(hpf.FileName)) Then
 
                        hpf.SaveAs(Server.MapPath("~/uploads/") & "\" & Path.GetFileName(hpf.FileName))
                        strStatusMessage = "File saved at: \\cletnsrv01\EBE\Reports_Data_List_Charts\Best Practice Sharing\"
                    Else
                        strStatusMessage = "Didn't overwrite"
                    End If
                End If
 
            Next i
 
 
        Catch Ex As Exception
            strStatusMessage = "Unable to save the uploaded file.  " _
             & "The error was: " & Ex.Message
 
        Finally
            lblSaveResults.Visible = True
            lblSaveResults.Text = strStatusMessage
            lblreceive.Visible = True
            tblresults.Visible = True
            ' Each row reports its own upload control. The original read FileUpload1 for every row
            ' and only looked at FileUpload3/4 when the previous control was empty.
            ' Client-supplied names and types are HTML-encoded before display.
            If FileUpload1.HasFile Then
                lblFileName1.Text = Server.HtmlEncode(FileUpload1.PostedFile.FileName)
                lblFileType1.Text = Server.HtmlEncode(FileUpload1.PostedFile.ContentType)
                lblFileSize1.Text = FileUpload1.PostedFile.ContentLength.ToString()
            End If

            If FileUpload2.HasFile Then
                lblFileName2.Text = Server.HtmlEncode(FileUpload2.PostedFile.FileName)
                lblFileType2.Text = Server.HtmlEncode(FileUpload2.PostedFile.ContentType)
                lblFileSize2.Text = FileUpload2.PostedFile.ContentLength.ToString()
            Else
                lblFileName2.Text = ""
                lblFileType2.Text = ""
                lblFileSize2.Text = ""
            End If

            If FileUpload3.HasFile Then
                lblFileName3.Text = Server.HtmlEncode(FileUpload3.PostedFile.FileName)
                lblFileType3.Text = Server.HtmlEncode(FileUpload3.PostedFile.ContentType)
                lblFileSize3.Text = FileUpload3.PostedFile.ContentLength.ToString()
            Else
                lblFileName3.Text = ""
                lblFileType3.Text = ""
                lblFileSize3.Text = ""
            End If

            If FileUpload4.HasFile Then
                lblFileName4.Text = Server.HtmlEncode(FileUpload4.PostedFile.FileName)
                lblFileType4.Text = Server.HtmlEncode(FileUpload4.PostedFile.ContentType)
                lblFileSize4.Text = FileUpload4.PostedFile.ContentLength.ToString()
            Else
                lblFileName4.Text = ""
                lblFileType4.Text = ""
                lblFileSize4.Text = ""
            End If
        End Try
    End Sub
End Class

apresto

If you want to simply check the extension of a file you can use the FileInfo class of the System.IO namespace.
FileInfo file = new FileInfo("C:\\myfile.asp");
then you can access the extension with the file.Extension attribute of this object. Knowing this you can create an If/Switch statement to carry out an action depending on the extension
Or, you can just use this:
System.IO.Path.GetExtension(hpf.FileName);
ITHelper80

ASKER

Could you offer a snippet of how to use System.IO.Path.GetExtension(this.hpf.PostedFile.FileName);
to prevent someone from uploading say an .exe file?
ASKER CERTIFIED SOLUTION
godirect
Godirect.

Your validation code does work, except when I click on the submit button it tries to validate the field again and throws an error. How can I stop that?
You can set the "CausesValidation" attribute in the button to false, but this means that when you click submit it will not validate any of the form.
<asp:Button runat="server" CausesValidation="false"...
And in response to your previous question, you can use the System.IO Example like this: (but godirect's is a better solution)

   ' GetExtension returns the extension with its leading dot, e.g. ".exe"
   If System.IO.Path.GetExtension(hpf.FileName).ToLower() = ".exe" Then
      ' This file is invalid, do something
   Else
      ' This IS a valid file, do something else
   End If
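
Added example, not code from any poster in this thread: the same Path.GetExtension check turned into an allowlist, so that anything not explicitly permitted (.exe, .aspx, no extension at all) is refused before SaveAs runs. This goes beyond the single ".exe" comparison discussed above; the helper name SafeUploadName, the AllowedExtensions set and the extensions in it are assumptions chosen for illustration.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.IO

Module UploadFilter
    ' Assumption: the extensions this application accepts. Adjust to your own needs.
    Private ReadOnly AllowedExtensions As New HashSet(Of String)(
        New String() {".pdf", ".doc", ".docx", ".xls", ".xlsx"},
        StringComparer.OrdinalIgnoreCase)

    ' Returns the bare file name to save under, or Nothing if the upload must be rejected.
    Function SafeUploadName(postedFileName As String) As String
        If String.IsNullOrWhiteSpace(postedFileName) Then Return Nothing

        ' Some browsers send a full client path; cut at the last separator of either kind.
        Dim cut As Integer = postedFileName.LastIndexOfAny(New Char() {"\"c, "/"c})
        Dim name As String = postedFileName.Substring(cut + 1)

        ' Windows drops trailing dots and spaces on save, so "tool.exe." would land as "tool.exe".
        If name.Length = 0 OrElse name.EndsWith(".") OrElse name.EndsWith(" ") Then Return Nothing
        If name.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0 Then Return Nothing

        ' GetExtension includes the leading dot and only looks at the last one,
        ' so "invoice.pdf.exe" is judged as ".exe".
        If Not AllowedExtensions.Contains(Path.GetExtension(name)) Then Return Nothing
        Return name
    End Function

    Sub Main()
        ' Constructed sample names, as a browser might send them in hpf.FileName.
        Dim samples As String() = {"report.pdf", "C:\Users\me\Plan.XLSX", "setup.exe",
                                   "invoice.pdf.exe", "shell.aspx", "tool.exe.", "notes"}
        For Each s As String In samples
            Dim saved As String = SafeUploadName(s)
            Console.WriteLine("{0,-24} -> {1}", s, If(saved Is Nothing, "rejected", "save as " & saved))
        Next
    End Sub
End Module
```

In the upload loop from the question, call SafeUploadName(hpf.FileName) for each file and skip hpf.SaveAs when it returns Nothing. A client-side validator is only a convenience, so this server-side check should stay in place either way.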


Thanks apresto, but my problem is that I am doing validation of other fields, so I can't disable that attribute.
SOLUTION
Thanks, that took care of it. Since both apresto and godirect helped me solve this problem I am going to split the points. Thanks to you both.
No problem, glad we could help
Apresto