 |
ASP.NET 2.0 Professional If you are an experienced ASP.NET programmer, this is the forum for your 2.0 questions. Please also see the Visual Web Developer 2005 forum. |
Welcome to the p2p.wrox.com Forums.
You are currently viewing the ASP.NET 2.0 Professional section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
|
|
|

October 14th, 2006, 10:02 AM
|
Friend of Wrox
|
|
Join Date: Oct 2005
Posts: 173
Thanks: 0
Thanked 2 Times in 1 Post
|
|
FileUpload.Hasfile Question
Hi All
I am wanting to restrict my upload to only accepting JPG files. I have the following code to do so:
If FileUpload1.HasFile Then
Dim objRegex As Regex = New Regex("(.*?)\.jpg")
If Not objRegex.IsMatch(FileUpload1.PostedFile.FileName) Then
lblstatus.Text = "Invalid Image format. Please make sure to use JPEG format (.jpg)."
End If
End If
Using this code, would the file have been uploaded in ANY WAY before the check has been performed?.. there seems to be diferring opinion on the Net regarding the anwser.
Many thanks
Rit
__________________
Rit
www.designandonline.co.uk
INSPIRE | CREATE | DELIVER
|

October 15th, 2006, 11:11 AM
|
 |
Wrox Author
|
|
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
|
|
Hi Rit,
Yes, at that stage the file has already been uploaded completely. You can use the posted file right away.
To see for yourself, you could upload a large file and set a breakpoint in your code where the extension is checked. You'll see that you have to wait for the file to be uploaded before the code breaks.
You can also set a Watch in Visual Studio for FileUpload1.PostedFile. You'll see that in your If check the posted file has a ContentLength that matches the size of your uploaded file.
HtH,
Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Want to be my colleague? Then check out this post.
|

October 15th, 2006, 01:51 PM
|
Friend of Wrox
|
|
Join Date: Oct 2005
Posts: 173
Thanks: 0
Thanked 2 Times in 1 Post
|
|
Hi Imar
I hope you are keeping well. Thanks for the advice.
Is there a way to check the file type prior to it being uploaded using ASP.NET/ VB?... do you recommend a method within your ASP.NET 2 Instant Results book that I could turn to?.. little plug for you :-)
Many thanks
Rit
|

October 15th, 2006, 11:37 PM
|
Friend of Wrox
|
|
Join Date: Sep 2005
Posts: 812
Thanks: 1
Thanked 53 Times in 49 Posts
|
|
Hi Imar & Rit
Does that mean that we should do some client-side validation using javascript to check the file extension?
Regards
Shasur
http://www.vbadud.blogspot.com
|

October 16th, 2006, 03:04 AM
|
Friend of Wrox
|
|
Join Date: Oct 2005
Posts: 173
Thanks: 0
Thanked 2 Times in 1 Post
|
|
Hi Shasur
That is exactly what I have been advised elsewhere unless their is a .Net alternative.
Rit
|

October 16th, 2006, 03:15 AM
|
 |
Wrox Author
|
|
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
|
|
Yes, that's one way to do it. However, you still need to validate at the server as well, because it's easy to disable JavaScript.
For an IE solution only, you can take a look at Persits' XUpload: http://xupload.aspupload.com/index.html
Cheers,
Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
|

October 16th, 2006, 03:24 AM
|
Friend of Wrox
|
|
Join Date: Oct 2005
Posts: 173
Thanks: 0
Thanked 2 Times in 1 Post
|
|
Hi Imar
I suppose another alternative is to use a Regular Expression... RigExLib seem to have quite a few to offer.. http://regexlib.com/Search.aspx?k=file%20type
Many thanks
Rit
|

October 16th, 2006, 05:52 AM
|
 |
Wrox Author
|
|
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
|
|
Your original example already featured a regular expression....
But, I don't think using regular expressions is an alternative. It's just a technique to check a string for a certain expression. You still need to determine where to perform the check: at the client and the server, or only at the server.
Cheers,
Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
|

October 18th, 2006, 10:36 AM
|
Friend of Wrox
|
|
Join Date: Oct 2005
Posts: 173
Thanks: 0
Thanked 2 Times in 1 Post
|
|
cool, client side script it is.
Thanks All
Rit
|

October 18th, 2006, 02:25 PM
|
 |
Wrox Author
|
|
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
|
|
Hi Rit,
Maybe you missed the point from my previous post? If you use client side validation, you *also* need server side validation. You should see client side validation as a courtesy to the user only. It would be too easy to disable client side script (or construct my own form) and upload an .exe file instead of a .jpg file. This could be a potential security risk.
So, use client side validation to make your users happy; you'll prevent them from uploading incorrect files by mistake. Use server side validation to make sure the stuff that is being sent to your server matches your expectations.
HtH,
Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
While typing this post, I was listening to: Sweet Release by Tindersticks (Track 5 from the album: Can our love...) What's This?
|
|
 |