Web Design-[ASP.NET] restricts two kinds of methods that upload file type-Website Design |
|
|
|
Web Design Company
Normally, upload harmful file because of the user to prevent (like program of trojan, hacker) caused security problem, the file kind that Web program can allow to upload to the user tries to restrict. And what the article will introduce is how to those who use Web Control is in ASP.NET application process inside the function that buy attribute realizes limitation simple and efficiently to upload file type. Save in the SaveAs method that calls PostFile boy or girl friend before uploading a file, the FileName property that can pass PostFile boy or girl friend gets uploading file name. And had uploading file name, whether does the document that can use the method that compares suffixal to the file name to know to upload attribute the file kind that allows to upload. According to this thought, we got below this paragraph of code: If Path.GetExtension(sFilePath) <>".zip" Then Label2.Text = " applies a program to allow to upload the file of Zip format only originally, ask new option! Ask new option!! Return If upload suffixal name,not be the file of Zip at this moment, can discover the file cannot upload. Nevertheless, this expresses us cannot the file that uploads other form. Actually, before if be in,uploading, beforehand the file suffixal name changes Zip, this paragraph of code loses action above. Can appear this kind of circumstance, comparing merely at the judgement above was opposite file name symbol is strung together, did not do further analysis to file format. Accordingly, if want to limit uploading file type thoroughly, still need to use the ContentType property of PostFile object. The MIME (that the function of ContentType attribute is the document that gets client end to send is noted one) content type, before because the browser is in,sending a request to the server, can send the MIME kind of content certainly above all, the one part that regards information as MIME type refers server end, accordingly, had MIME type news (note 2) , OK and accurate know to upload the real kind of the file. If File1.PostedFile.ContentType <>"Application/zip" Then Label2.Text = " applies a program to allow to upload the file of Zip format only originally, ask new option! Ask new option!! At this moment, the method that if be used again,revises suffixal name also uploaded a file with respect to meeting discovery again. Note one: MIME is standard of a kind of technology, its Chinese interpreter expands for multipurpose Internet mail (Multipurpose Internet Mail Extensions) , basically use the file; that different encode pattern shows in transmission process Note 2: Want to get the MIME definition of different file format, should start only register watch editor, find below HKEY_CLASSES_ROOT next with suffixal name corresponding enrollment is expressed, if be put in the MIME definition of file format, in right side window the mouth can show a key that the name is “Content Type” , and the MIME definition that the value of this key is file format. Two kinds of methods mix above with, uploaded a file to basically be restricted. But if if certain a person with high aspirations and determination changes the content that the MIME that registers a watch is worth to be able to upload baleful program euqally, if such word, have consolidate program and system only, do not let its change the patulous name of the file after uploading. Or it is to use what define oneself to accuse, use closer detect measure Web Hosting |
01/20/2010
To learn css could help you in long run to accelerate your career and develop yourself to create new career avenues for yourself.
Posted by: Linda Taylor | 03/22/2011 at 04:40 下午