Three ways to determine the type of uploaded files in asp.net-C#.Net Tutorial-php.cn

Home

Backend Development

C#.Net Tutorial

Three ways to determine the type of uploaded files in asp.net

伊谢尔伦

Nov 25, 2016 am 09:09 AM

asp.net

　1. The security is relatively low. Changing the text file 1.txt to 1.jpg can still be uploaded, but the implementation method is easy to understand and simple to implement, so many people on the Internet still use this method.

Boolean fileOk = false;
          string path = Server.MapPath("~/images/");
          //判断是否已经选取文件
          if (FileUpload1.HasFile)
          {
              //取得文件的扩展名,并转换成小写
              string fileExtension = System.IO.Path.GetExtension(FileUpload1.FileName).ToLower();
              //限定只能上传jpg和gif图片
              string[] allowExtension = { ".jpg", ".gif" };
              //对上传的文件的类型进行一个个匹对
              int j = 0;
              for (int i = 0; i < allowExtension.Length; i++)
              {
                  if (fileExtension == allowExtension[i])
                  {
                      fileOk = true;
                      return;
                  }
                  else
                  {
                      j++;
                  }
              }
              if (j > 0)
              {
                  Response.Write("<script>alert(&#39;文件格式不正确&#39;);</script>");
                  return;
              }
          }
          else
          {
              Response.Write("<script>alert(&#39;你还没有选择文件&#39;);</script>");
              return;
          }
          //如果扩展名符合条件，则上传
          if (fileOk)
          {
              FileUpload1.PostedFile.SaveAs(path + FileUpload1.FileName);
              Response.Write("<script>alert(&#39;上传成功&#39;);</script>");
          }

Copy after login

Second, do not detect the file suffix but detect the file MIME content type.

Boolean fileOk = false;
           string path = Server.MapPath("~/images/");
           //判断是否已经选取文件
           if (FileUpload1.HasFile)
           {
               //取得文件MIME内容类型
               string type = this.FileUpload1.PostedFile.ContentType.ToLower();
               if (type.Contains("image"))    //图片的MIME类型为"image/xxx"，这里只判断是否图片。
               {
                   fileOk = true;
 
               }
               else
               {
                   Response.Write("<script>alert(&#39;格式不正确&#39;)</script>");
               }
           }
           else
           {
               Response.Write("<script>alert(&#39;你还没有选择文件&#39;);</script>");
           }
           //如果扩展名符合条件，则上传
           if (fileOk)
           {
               FileUpload1.PostedFile.SaveAs(path + FileUpload1.FileName);
               Response.Write("<script>alert(&#39;上传成功&#39;);</script>");
           }

Copy after login

3. Can realize file type judgment in the true sense

try
            {
                //判断是否已经选取文件
                if (FileUpload1.HasFile)
                {
                    if (IsAllowedExtension(FileUpload1))
                    {
                        string path = Server.MapPath("~/images/");
                        FileUpload1.PostedFile.SaveAs(path + FileUpload1.FileName);
                        Response.Write("<script>alert(&#39;上传成功&#39;);</script>");
                    }
                    else
                    {
                        Response.Write("<script>alert(&#39;您只能上传jpg或者gif图片&#39;);</script>");
                    }
 
                }
                else
                {
                    Response.Write("<script>alert(&#39;你还没有选择文件&#39;);</script>");
                }
            }
            catch (Exception error)
            {
                Response.Write(error.ToString());
            }
            #endregion
        }
//真正判断文件类型的关键函数
        public static bool IsAllowedExtension(FileUpload hifile)
        {
            System.IO.FileStream fs = new System.IO.FileStream(hifile.PostedFile.FileName, System.IO.FileMode.Open, System.IO.FileAccess.Read);
            System.IO.BinaryReader r = new System.IO.BinaryReader(fs);
            string fileclass = "";
            //这里的位长要具体判断.
            byte buffer;
            try
            {
                buffer = r.ReadByte();
                fileclass = buffer.ToString();
                buffer = r.ReadByte();
                fileclass += buffer.ToString();
 
            }
            catch
            {
 
            }
            r.Close();
            fs.Close();
            if (fileclass == "255216" || fileclass == "7173")//说明255216是jpg;7173是gif;6677是BMP,13780是PNG;7790是exe,8297是rar
            {
                return true;
            }
            else
            {
                return false;
            }
 
        }

Copy after login

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Hello Kitty Island Adventure: How To Get Giant Seeds

1 months ago By 尊渡假赌尊渡假赌尊渡假赌

How Long Does It Take To Beat Split Fiction?

4 weeks ago By DDD

R.E.P.O. Save File Location: Where Is It & How to Protect It?

4 weeks ago By DDD

Two Point Museum: All Exhibits And Where To Find Them

1 months ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7378

Java Tutorial

1628

CakePHP Tutorial

1357

Laravel Tutorial

1267

PHP Tutorial

1216

Related knowledge

How to use char array in C language Apr 03, 2025 pm 03:24 PM

The char array stores character sequences in C language and is declared as char array_name[size]. The access element is passed through the subscript operator, and the element ends with the null terminator '\0', which represents the end point of the string. The C language provides a variety of string manipulation functions, such as strlen(), strcpy(), strcat() and strcmp().

.NET Deep Dive: Mastering Asynchronous Programming, LINQ, and EF Core Mar 31, 2025 pm 04:07 PM

The core concepts of .NET asynchronous programming, LINQ and EFCore are: 1. Asynchronous programming improves application responsiveness through async and await; 2. LINQ simplifies data query through unified syntax; 3. EFCore simplifies database operations through ORM.

How to use various symbols in C language Apr 03, 2025 pm 04:48 PM

The usage methods of symbols in C language cover arithmetic, assignment, conditions, logic, bit operators, etc. Arithmetic operators are used for basic mathematical operations, assignment operators are used for assignment and addition, subtraction, multiplication and division assignment, condition operators are used for different operations according to conditions, logical operators are used for logical operations, bit operators are used for bit-level operations, and special constants are used to represent null pointers, end-of-file markers, and non-numeric values.

What is the role of char in C strings Apr 03, 2025 pm 03:15 PM

In C, the char type is used in strings: 1. Store a single character; 2. Use an array to represent a string and end with a null terminator; 3. Operate through a string operation function; 4. Read or output a string from the keyboard.

Avoid errors caused by default in C switch statements Apr 03, 2025 pm 03:45 PM

A strategy to avoid errors caused by default in C switch statements: use enums instead of constants, limiting the value of the case statement to a valid member of the enum. Use fallthrough in the last case statement to let the program continue to execute the following code. For switch statements without fallthrough, always add a default statement for error handling or provide default behavior.

What is the function of C language sum? Apr 03, 2025 pm 02:21 PM

There is no built-in sum function in C language, so it needs to be written by yourself. Sum can be achieved by traversing the array and accumulating elements: Loop version: Sum is calculated using for loop and array length. Pointer version: Use pointers to point to array elements, and efficient summing is achieved through self-increment pointers. Dynamically allocate array version: Dynamically allocate arrays and manage memory yourself, ensuring that allocated memory is freed to prevent memory leaks.

How to handle special characters in C language Apr 03, 2025 pm 03:18 PM

In C language, special characters are processed through escape sequences, such as: \n represents line breaks. \t means tab character. Use escape sequences or character constants to represent special characters, such as char c = '\n'. Note that the backslash needs to be escaped twice. Different platforms and compilers may have different escape sequences, please consult the documentation.

How to convert char in C language Apr 03, 2025 pm 03:21 PM

In C language, char type conversion can be directly converted to another type by: casting: using casting characters. Automatic type conversion: When one type of data can accommodate another type of value, the compiler automatically converts it.

See all articles