简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)
Home > Backend Development > C#.Net Tutorial > body text

Three ways to determine the type of uploaded files in asp.net

伊谢尔伦
Release: 2016-11-25 09:09:06
Original
1585 people have browsed it

 1. The security is relatively low. Changing the text file 1.txt to 1.jpg can still be uploaded, but the implementation method is easy to understand and simple to implement, so many people on the Internet still use this method. 

Boolean fileOk = false;
          string path = Server.MapPath("~/images/");
          //判断是否已经选取文件
          if (FileUpload1.HasFile)
          {
              //取得文件的扩展名,并转换成小写
              string fileExtension = System.IO.Path.GetExtension(FileUpload1.FileName).ToLower();
              //限定只能上传jpg和gif图片
              string[] allowExtension = { ".jpg", ".gif" };
              //对上传的文件的类型进行一个个匹对
              int j = 0;
              for (int i = 0; i < allowExtension.Length; i++)
              {
                  if (fileExtension == allowExtension[i])
                  {
                      fileOk = true;
                      return;
                  }
                  else
                  {
                      j++;
                  }
              }
              if (j > 0)
              {
                  Response.Write("<script>alert(&#39;文件格式不正确&#39;);</script>");
                  return;
              }
          }
          else
          {
              Response.Write("<script>alert(&#39;你还没有选择文件&#39;);</script>");
              return;
          }
          //如果扩展名符合条件,则上传
          if (fileOk)
          {
              FileUpload1.PostedFile.SaveAs(path + FileUpload1.FileName);
              Response.Write("<script>alert(&#39;上传成功&#39;);</script>");
          }
Copy after login

Second, do not detect the file suffix but detect the file MIME content type. 

Boolean fileOk = false;
           string path = Server.MapPath("~/images/");
           //判断是否已经选取文件
           if (FileUpload1.HasFile)
           {
               //取得文件MIME内容类型
               string type = this.FileUpload1.PostedFile.ContentType.ToLower();
               if (type.Contains("image"))    //图片的MIME类型为"image/xxx",这里只判断是否图片。
               {
                   fileOk = true;
 
               }
               else
               {
                   Response.Write("<script>alert(&#39;格式不正确&#39;)</script>");
               }
           }
           else
           {
               Response.Write("<script>alert(&#39;你还没有选择文件&#39;);</script>");
           }
           //如果扩展名符合条件,则上传
           if (fileOk)
           {
               FileUpload1.PostedFile.SaveAs(path + FileUpload1.FileName);
               Response.Write("<script>alert(&#39;上传成功&#39;);</script>");
           }
Copy after login

3. Can realize file type judgment in the true sense

try
            {
                //判断是否已经选取文件
                if (FileUpload1.HasFile)
                {
                    if (IsAllowedExtension(FileUpload1))
                    {
                        string path = Server.MapPath("~/images/");
                        FileUpload1.PostedFile.SaveAs(path + FileUpload1.FileName);
                        Response.Write("<script>alert(&#39;上传成功&#39;);</script>");
                    }
                    else
                    {
                        Response.Write("<script>alert(&#39;您只能上传jpg或者gif图片&#39;);</script>");
                    }
 
                }
                else
                {
                    Response.Write("<script>alert(&#39;你还没有选择文件&#39;);</script>");
                }
            }
            catch (Exception error)
            {
                Response.Write(error.ToString());
            }
            #endregion
        }
//真正判断文件类型的关键函数
        public static bool IsAllowedExtension(FileUpload hifile)
        {
            System.IO.FileStream fs = new System.IO.FileStream(hifile.PostedFile.FileName, System.IO.FileMode.Open, System.IO.FileAccess.Read);
            System.IO.BinaryReader r = new System.IO.BinaryReader(fs);
            string fileclass = "";
            //这里的位长要具体判断.
            byte buffer;
            try
            {
                buffer = r.ReadByte();
                fileclass = buffer.ToString();
                buffer = r.ReadByte();
                fileclass += buffer.ToString();
 
            }
            catch
            {
 
            }
            r.Close();
            fs.Close();
            if (fileclass == "255216" || fileclass == "7173")//说明255216是jpg;7173是gif;6677是BMP,13780是PNG;7790是exe,8297是rar
            {
                return true;
            }
            else
            {
                return false;
            }
 
        }
Copy after login


Related labels:
asp.net
source:php.cn
Previous article:Solve the "potentially dangerous Request.Form value detected from the client" error in asp.net Next article:Four methods for downloading C# files
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
Retrieve WordPress Photo' value to be placed in custom php page I need to create a WordPress website from existing HTML (more specifically from an asp.net...
From 2024-04-02 19:13:12
0
1
296
Uncheck specific rows in Kendo Grid select column in ASP.NET MVC using JavaScript and jQuery: Step-by-step guide I have a KendoGrid in my ASP.NETMVC5 project. One of the columns is a select column and I ...
From 2024-03-30 17:18:30
0
1
376
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!