• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2213
  • Last Modified:

ASP.Net File upload control limit file extensions

How can I limit the type of files that are allowed to be uploaded using the code below?
Imports System.IO
Partial Class _Default
    Inherits System.Web.UI.Page
    Protected Sub btnSubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnSubmit.Click
 
        Dim con As New System.Data.OleDb.OleDbConnection
        Dim myPath As String
 
 
        myPath = Server.MapPath("App_Data/BestPractices.mdb")
        con.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0; Data source=" & myPath & ";"
 
        Dim insCmd As New System.Data.OleDb.OleDbCommand
 
        'insCmd.CommandText = "insert into Data (Import_Export,Location,Descp,Cont,Share_MDY) values('" & ddType.SelectedValue & "','" & Replace(txtLocation.Text, "'", "''") & "','" & Replace(txtDescription.Text, "'", "''") & "','" & Replace(txtContact.Text, "'", "''") & "',#" & StartDatetxt.Text & "#)"
 
        insCmd.CommandText = "insert into Data (Import_Export,Location,Descp,Contact,Share_MDY) " & _
                     " values('" & ddType.SelectedValue & "','" & Replace(txtLocation.Text, "'", "''") & "','" & _
                     Replace(txtDescription.Text, "'", "''") & "','" & Replace(txtContact.Text, "'", "''") & "',#" & _
                     StartDatetxt.Text & "#)"
 
 
 
        insCmd.Connection = con
 
        Dim idCmd As New System.Data.OleDb.OleDbCommand
 
        idCmd.Connection = con
        con.Open()
        insCmd.ExecuteNonQuery()
        con.Close()
 
 
        Dim strStatusMessage As String
 
        Try
            Dim hfc As HttpFileCollection = Request.Files
 
            For i As Integer = 0 To hfc.Count - 1
 
                Dim hpf As HttpPostedFile = hfc(i)
 
 
                If hpf.ContentLength > 0 Then
 
                    If Not File.Exists(Server.MapPath("~/uploads/") & "\" & Path.GetFileName(hpf.FileName)) Then
 
                        hpf.SaveAs(Server.MapPath("~/uploads/") & "\" & Path.GetFileName(hpf.FileName))
                        strStatusMessage = "File saved at: \\cletnsrv01\EBE\Reports_Data_List_Charts\Best Practice Sharing\"
                    Else
                        strStatusMessage = "Diddnt Overwrite"
                    End If
                End If
 
            Next i
 
 
        Catch Ex As Exception
            strStatusMessage = "Unable to save the uploaded file.  " _
             & "The error was: " & Ex.Message
 
        Finally
            lblSaveResults.Visible = True
            lblSaveResults.Text = strStatusMessage
            lblreceive.Visible = True
            tblresults.Visible = True
            lblFileName1.Text = FileUpload1.PostedFile.FileName
            lblFileType1.Text = FileUpload1.PostedFile.ContentType
            lblFileSize1.Text = FileUpload1.PostedFile.ContentLength
 
 
            If FileUpload2.HasFile Then
                lblFileName2.Text = FileUpload1.PostedFile.FileName
                lblFileType2.Text = FileUpload1.PostedFile.ContentType
                lblFileSize2.Text = FileUpload1.PostedFile.ContentLength
            Else
                lblFileName2.Text = ""
                lblFileType2.Text = ""
                lblFileSize2.Text = ""
 
                If FileUpload3.HasFile Then
                    lblFileName3.Text = FileUpload1.PostedFile.FileName
                    lblFileType3.Text = FileUpload1.PostedFile.ContentType
                    lblFileSize3.Text = FileUpload1.PostedFile.ContentLength
                Else
                    lblFileName3.Text = ""
                    lblFileType3.Text = ""
                    lblFileSize3.Text = ""
 
                    If FileUpload4.HasFile Then
                        lblFileName4.Text = FileUpload1.PostedFile.FileName
                        lblFileType4.Text = FileUpload1.PostedFile.ContentType
                        lblFileSize4.Text = FileUpload1.PostedFile.ContentLength
                    Else
                        lblFileName4.Text = ""
                        lblFileType4.Text = ""
                        lblFileSize4.Text = ""
                    End If
                End If
            End If
        End Try

Open in new window

0
ITHelper80
Asked:
ITHelper80
  • 5
  • 4
2 Solutions
 
aprestoCommented:
If you want to simply check the extension of a file you can use the FileInfo class of the System.IO namespace.
FileInfo file = new FileInfo("C:\\myfile.asp");
then you can access the extension with the file.Extension attribute of this object. Knowing this you can create an If/Switch statement to carry out an action depending on the extension
0
 
aprestoCommented:
Or, you can just use this:
System.IO.Path.GetExtension(this.hpf.PostedFile.FileName);
0
 
ITHelper80Author Commented:
Could you offer a snippet of how to use System.IO.Path.GetExtension(this.hpf.PostedFile.FileName);
to prevent someone from uploading say an .exe file?
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
godirectCommented:
You could throw a ExpressionValidator out there and make sure to validate before running anything.


<asp:RegularExpressionValidator id="RegularExpressionValidator1" runat="server" ErrorMessage="Upload Excel, PDF and ZIP files only." ValidationExpression="^(([a-zA-Z]:)|(\\{2}\w+)\$?)(\\(\w[\w].*))(.xls|.XLS|.pdf|.PDF|.zip|.ZIP|.Zip)$" ControlToValidate="hpf" Display="None"></asp:RegularExpressionValidator>

Open in new window

0
 
ITHelper80Author Commented:
Godirect.

Your validation code does work except when I click on the submit button its tries to validate the field again and throw an error. How can I stop that?
0
 
aprestoCommented:
You can set the "CausesValidation" attribute in the button to false, but this means that when you click submit it will not validate any of the form.
<asp:Button runat="server" CausesValidation="false"...
And in response to your previous question, you can use the System.IO Example like this: (but godirect's is a better solution)

   If System.IO.Path.GetExtension(this.hpf.PostedFile.FileName).ToLower() = "exe" Then
      //This file is invalid, do something
   Else
      //This IS a valid file, do something else
   End If

Open in new window

0
 
ITHelper80Author Commented:
Thanks apresto but my problem I am doing validation of other fields so I cant disable that attribute.
0
 
aprestoCommented:
Ok, well add the attributes that you want to have the button validate to a validation group, then add the button itself to a validation group and this should solve your problem.
Add this to the Validation Controls and the Button that fires the validation:
...runat="server" ValidationGroup="MyValGroup" Id=".....
0
 
ITHelper80Author Commented:
Thanks that took care of it. Since both apresto and godirect help me solve this problem I am going to split the points. Thanks to you both.
0
 
aprestoCommented:
No problem, glad we could help
Apresto
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now