Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 2.0 > ASP.NET 2.0 Professional
Password Reminder
Register
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
ASP.NET 2.0 Professional If you are an experienced ASP.NET programmer, this is the forum for your 2.0 questions. Please also see the Visual Web Developer 2005 forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 2.0 Professional section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
 
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old October 14th, 2006, 10:02 AM
Friend of Wrox
 
Join Date: Oct 2005
Location: , , United Kingdom.
Posts: 173
Thanks: 0
Thanked 2 Times in 1 Post
Default FileUpload.Hasfile Question

Hi All

I am wanting to restrict my upload to only accepting JPG files. I have the following code to do so:

If FileUpload1.HasFile Then
            Dim objRegex As Regex = New Regex("(.*?)\.jpg")
            If Not objRegex.IsMatch(FileUpload1.PostedFile.FileName) Then
                lblstatus.Text = "Invalid Image format. Please make sure to use JPEG format (.jpg)."
         End If
End If

Using this code, would the file have been uploaded in ANY WAY before the check has been performed?.. there seems to be diferring opinion on the Net regarding the anwser.

Many thanks

Rit
__________________
Rit
www.designandonline.co.uk
INSPIRE | CREATE | DELIVER
  #2 (permalink)  
Old October 15th, 2006, 11:11 AM
Imar's Avatar
Wrox Author
Points: 72,055, Level: 100
Points: 72,055, Level: 100 Points: 72,055, Level: 100 Points: 72,055, Level: 100
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,086
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Hi Rit,

Yes, at that stage the file has already been uploaded completely. You can use the posted file right away.

To see for yourself, you could upload a large file and set a breakpoint in your code where the extension is checked. You'll see that you have to wait for the file to be uploaded before the code breaks.
You can also set a Watch in Visual Studio for FileUpload1.PostedFile. You'll see that in your If check the posted file has a ContentLength that matches the size of your uploaded file.

HtH,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Want to be my colleague? Then check out this post.
  #3 (permalink)  
Old October 15th, 2006, 01:51 PM
Friend of Wrox
 
Join Date: Oct 2005
Location: , , United Kingdom.
Posts: 173
Thanks: 0
Thanked 2 Times in 1 Post
Default

Hi Imar

I hope you are keeping well. Thanks for the advice.

Is there a way to check the file type prior to it being uploaded using ASP.NET/VB?... do you recommend a method within your ASP.NET 2 Instant Results book that I could turn to?.. little plug for you :-)

Many thanks
Rit
  #4 (permalink)  
Old October 15th, 2006, 11:37 PM
Friend of Wrox
Points: 3,060, Level: 23
Points: 3,060, Level: 23 Points: 3,060, Level: 23 Points: 3,060, Level: 23
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Sep 2005
Location: , , .
Posts: 812
Thanks: 1
Thanked 53 Times in 49 Posts
Default

Hi Imar & Rit

Does that mean that we should do some client-side validation using javascript to check the file extension?

Regards
Shasur

http://www.vbadud.blogspot.com
  #5 (permalink)  
Old October 16th, 2006, 03:04 AM
Friend of Wrox
 
Join Date: Oct 2005
Location: , , United Kingdom.
Posts: 173
Thanks: 0
Thanked 2 Times in 1 Post
Default

Hi Shasur

That is exactly what I have been advised elsewhere unless their is a .Net alternative.

Rit
  #6 (permalink)  
Old October 16th, 2006, 03:15 AM
Imar's Avatar
Wrox Author
Points: 72,055, Level: 100
Points: 72,055, Level: 100 Points: 72,055, Level: 100 Points: 72,055, Level: 100
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,086
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Yes, that's one way to do it. However, you still need to validate at the server as well, because it's easy to disable JavaScript.

For an IE solution only, you can take a look at Persits' XUpload: http://xupload.aspupload.com/index.html

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
  #7 (permalink)  
Old October 16th, 2006, 03:24 AM
Friend of Wrox
 
Join Date: Oct 2005
Location: , , United Kingdom.
Posts: 173
Thanks: 0
Thanked 2 Times in 1 Post
Default

Hi Imar

I suppose another alternative is to use a Regular Expression... RigExLib seem to have quite a few to offer.. http://regexlib.com/Search.aspx?k=file%20type

Many thanks

Rit
  #8 (permalink)  
Old October 16th, 2006, 05:52 AM
Imar's Avatar
Wrox Author
Points: 72,055, Level: 100
Points: 72,055, Level: 100 Points: 72,055, Level: 100 Points: 72,055, Level: 100
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,086
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Your original example already featured a regular expression....

But, I don't think using regular expressions is an alternative. It's just a technique to check a string for a certain expression. You still need to determine where to perform the check: at the client and the server, or only at the server.

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
  #9 (permalink)  
Old October 18th, 2006, 10:36 AM
Friend of Wrox
 
Join Date: Oct 2005
Location: , , United Kingdom.
Posts: 173
Thanks: 0
Thanked 2 Times in 1 Post
Default

cool, client side script it is.

Thanks All

Rit
  #10 (permalink)  
Old October 18th, 2006, 02:25 PM
Imar's Avatar
Wrox Author
Points: 72,055, Level: 100
Points: 72,055, Level: 100 Points: 72,055, Level: 100 Points: 72,055, Level: 100
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,086
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Hi Rit,

Maybe you missed the point from my previous post? If you use client side validation, you *also* need server side validation. You should see client side validation as a courtesy to the user only. It would be too easy to disable client side script (or construct my own form) and upload an .exe file instead of a .jpg file. This could be a potential security risk.

So, use client side validation to make your users happy; you'll prevent them from uploading incorrect files by mistake. Use server side validation to make sure the stuff that is being sent to your server matches your expectations.

HtH,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
While typing this post, I was listening to: Sweet Release by Tindersticks (Track 5 from the album: Can our love...) What's This?
 


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Fileupload in Ajax bobwith5 ASP.NET 2.0 Professional 3 October 18th, 2008 09:59 AM
FileUpload control aliirfan84 ASP.NET 2.0 Professional 1 June 2nd, 2007 03:37 PM
FileUpload Memory Management Question dparsons ASP.NET 2.0 Professional 0 February 21st, 2007 10:22 AM
FileUpload Control MunishBhatia ASP.NET 2.0 Basics 2 December 6th, 2006 04:03 AM
FileUpload FIlter tony_j_hug ASP.NET 2.0 Basics 1 October 28th, 2005 06:55 PM



All times are GMT -4. The time now is 09:17 AM.


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.