Solved

ASP.Net File upload control limit file extensions

Posted on 2009-03-31
Last Modified: 2012-05-06
How can I limit the type of files that are allowed to be uploaded using the code below?
Imports System.IO

Partial Class _Default
    Inherits System.Web.UI.Page

    Protected Sub btnSubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnSubmit.Click

        Dim con As New System.Data.OleDb.OleDbConnection
        Dim myPath As String

        myPath = Server.MapPath("App_Data/BestPractices.mdb")
        con.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0; Data source=" & myPath & ";"

        Dim insCmd As New System.Data.OleDb.OleDbCommand

        'insCmd.CommandText = "insert into Data (Import_Export,Location,Descp,Cont,Share_MDY) values('" & ddType.SelectedValue & "','" & Replace(txtLocation.Text, "'", "''") & "','" & Replace(txtDescription.Text, "'", "''") & "','" & Replace(txtContact.Text, "'", "''") & "',#" & StartDatetxt.Text & "#)"

        ' Form values are passed as parameters instead of being concatenated into the SQL text.
        ' OleDb parameters are positional, so they are added in column order.
        insCmd.CommandText = "insert into Data (Import_Export,Location,Descp,Contact,Share_MDY) " & _
                     " values(?,?,?,?,?)"
        insCmd.Parameters.AddWithValue("Import_Export", ddType.SelectedValue)
        insCmd.Parameters.AddWithValue("Location", txtLocation.Text)
        insCmd.Parameters.AddWithValue("Descp", txtDescription.Text)
        insCmd.Parameters.AddWithValue("Contact", txtContact.Text)
        insCmd.Parameters.AddWithValue("Share_MDY", Date.Parse(StartDatetxt.Text))

        insCmd.Connection = con

        Dim idCmd As New System.Data.OleDb.OleDbCommand
        idCmd.Connection = con

        con.Open()
        insCmd.ExecuteNonQuery()
        con.Close()

        ' Initialised so the label is never set from an unassigned variable.
        Dim strStatusMessage As String = ""

        Try
            Dim hfc As HttpFileCollection = Request.Files

            For i As Integer = 0 To hfc.Count - 1
                Dim hpf As HttpPostedFile = hfc(i)

                If hpf.ContentLength > 0 Then
                    ' Path.GetFileName drops any directory part sent by the client.
                    If Not File.Exists(Server.MapPath("~/uploads/") & "\" & Path.GetFileName(hpf.FileName)) Then
                        hpf.SaveAs(Server.MapPath("~/uploads/") & "\" & Path.GetFileName(hpf.FileName))
                        strStatusMessage = "File saved at: \\cletnsrv01\EBE\Reports_Data_List_Charts\Best Practice Sharing\"
                    Else
                        strStatusMessage = "Diddnt Overwrite"
                    End If
                End If
            Next i

        Catch Ex As Exception
            strStatusMessage = "Unable to save the uploaded file.  " _
             & "The error was: " & Ex.Message

        Finally
            lblSaveResults.Visible = True
            lblSaveResults.Text = strStatusMessage
            lblreceive.Visible = True
            tblresults.Visible = True
            lblFileName1.Text = FileUpload1.PostedFile.FileName
            lblFileType1.Text = FileUpload1.PostedFile.ContentType
            lblFileSize1.Text = FileUpload1.PostedFile.ContentLength.ToString()

            ' Each block reads its own control (the original read FileUpload1 every time)
            ' and runs on its own instead of being nested in the previous Else.
            If FileUpload2.HasFile Then
                lblFileName2.Text = FileUpload2.PostedFile.FileName
                lblFileType2.Text = FileUpload2.PostedFile.ContentType
                lblFileSize2.Text = FileUpload2.PostedFile.ContentLength.ToString()
            Else
                lblFileName2.Text = ""
                lblFileType2.Text = ""
                lblFileSize2.Text = ""
            End If

            If FileUpload3.HasFile Then
                lblFileName3.Text = FileUpload3.PostedFile.FileName
                lblFileType3.Text = FileUpload3.PostedFile.ContentType
                lblFileSize3.Text = FileUpload3.PostedFile.ContentLength.ToString()
            Else
                lblFileName3.Text = ""
                lblFileType3.Text = ""
                lblFileSize3.Text = ""
            End If

            If FileUpload4.HasFile Then
                lblFileName4.Text = FileUpload4.PostedFile.FileName
                lblFileType4.Text = FileUpload4.PostedFile.ContentType
                lblFileSize4.Text = FileUpload4.PostedFile.ContentLength.ToString()
            Else
                lblFileName4.Text = ""
                lblFileType4.Text = ""
                lblFileSize4.Text = ""
            End If
        End Try

    End Sub

End Class

Question by:ITHelper80
10 Comments
 
LVL 23

Expert Comment

by:apresto
If you want to simply check the extension of a file you can use the FileInfo class of the System.IO namespace.
FileInfo file = new FileInfo("C:\\myfile.asp");
Then you can access the extension with the file.Extension attribute of this object. Knowing this, you can create an If/Switch statement to carry out an action depending on the extension.
0
 
LVL 23

Expert Comment

by:apresto
Or, you can just use this:
System.IO.Path.GetExtension(this.hpf.PostedFile.FileName);
0
 
LVL 6

Author Comment

by:ITHelper80
Could you offer a snippet of how to use System.IO.Path.GetExtension(this.hpf.PostedFile.FileName);
to prevent someone from uploading say an .exe file?
0
 

Accepted Solution

by:
godirect earned 275 total points
You could throw an ExpressionValidator out there and make sure to validate before running anything.

<asp:RegularExpressionValidator id="RegularExpressionValidator1" runat="server" ErrorMessage="Upload Excel, PDF and ZIP files only." ValidationExpression="^(([a-zA-Z]:)|(\\{2}\w+)\$?)(\\(\w[\w].*))(\.xls|\.XLS|\.pdf|\.PDF|\.zip|\.ZIP|\.Zip)$" ControlToValidate="hpf" Display="None"></asp:RegularExpressionValidator>

0
 
LVL 6

Author Comment

by:ITHelper80
Godirect.

Your validation code does work, except when I click on the submit button it tries to validate the field again and throws an error. How can I stop that?
0

 
LVL 23

Expert Comment

by:apresto
You can set the "CausesValidation" attribute in the button to false, but this means that when you click submit it will not validate any of the form.
<asp:Button runat="server" CausesValidation="false"...
And in response to your previous question, you can use the System.IO Example like this: (but godirect's is a better solution)

   If System.IO.Path.GetExtension(Me.hpf.PostedFile.FileName).ToLower() = ".exe" Then
      ' GetExtension returns the extension with its leading dot.
      ' This file is invalid, do something
   Else
      ' This IS a valid file, do something else
   End If

0
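As an added example (not part of the original thread or any poster's code): a server-side check to go with the validator and the GetExtension test above. It allows only the three types named in the accepted solution and also confirms that the file's leading bytes match the claimed type; `UploadCheck`, `SignatureFor` and `IsAllowedUpload` are illustrative names.

```vb
Imports System
Imports System.IO
' Added example; the module and function names are illustrative, not from the thread.
Public Module UploadCheck

    ' Leading bytes expected for each allowed extension; Nothing means "not allowed".
    Private Function SignatureFor(ByVal ext As String) As Byte()
        If String.IsNullOrEmpty(ext) Then Return Nothing
        Select Case ext.ToLowerInvariant()
            Case ".pdf" : Return New Byte() {&H25, &H50, &H44, &H46}   ' "%PDF"
            Case ".zip" : Return New Byte() {&H50, &H4B, &H3, &H4}     ' "PK" 03 04
            Case ".xls" : Return New Byte() {&HD0, &HCF, &H11, &HE0}   ' OLE2 compound file
            Case Else : Return Nothing
        End Select
    End Function

    ' True only if the name ends in an allowed extension and the content starts with its signature.
    Public Function IsAllowedUpload(ByVal clientFileName As String, ByVal content As Stream) As Boolean
        Dim sig As Byte() = Nothing
        Try
            sig = SignatureFor(Path.GetExtension(Path.GetFileName(clientFileName)))  ' drops client path
        Catch ex As ArgumentException
            Return False                                  ' illegal characters in the name
        End Try
        If sig Is Nothing Then Return False
        Dim head(sig.Length - 1) As Byte
        Dim got As Integer = 0
        content.Position = 0
        While got < head.Length
            Dim n As Integer = content.Read(head, got, head.Length - got)
            If n = 0 Then Return False                    ' shorter than the signature
            got += n
        End While
        content.Position = 0                              ' rewind so a later SaveAs writes everything
        For i As Integer = 0 To sig.Length - 1
            If head(i) <> sig(i) Then Return False
        Next
        Return True
    End Function

    ' Constructed sample inputs: a PDF, an .exe, and an executable renamed to .pdf.
    Sub Main()
        Dim pdf As Byte() = {&H25, &H50, &H44, &H46, &H2D}   ' "%PDF-"
        Dim exe As Byte() = {&H4D, &H5A, &H90, &H0, &H3}     ' "MZ" header
        Console.WriteLine(IsAllowedUpload("C:\docs\report.PDF", New MemoryStream(pdf)))
        Console.WriteLine(IsAllowedUpload("tool.exe", New MemoryStream(exe)))
        Console.WriteLine(IsAllowedUpload("tool.pdf", New MemoryStream(exe)))
    End Sub
End Module
```

In the question's loop the call would be `IsAllowedUpload(hpf.FileName, hpf.InputStream)`, made before `hpf.SaveAs`.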
 
LVL 6

Author Comment

by:ITHelper80
Thanks apresto, but my problem is that I am doing validation of other fields, so I can't disable that attribute.
0
 
LVL 23

Assisted Solution

by:apresto
apresto earned 225 total points
Ok, well add the attributes that you want to have the button validate to a validation group, then add the button itself to a validation group and this should solve your problem.
Add this to the Validation Controls and the Button that fires the validation:
...runat="server" ValidationGroup="MyValGroup" Id=".....
0
 
LVL 6

Author Comment

by:ITHelper80
Thanks, that took care of it. Since both apresto and godirect helped me solve this problem I am going to split the points. Thanks to you both.
0
 
LVL 23

Expert Comment

by:apresto
No problem, glad we could help
Apresto
0
