p2p.wrox.com Forums

p2p.wrox.com Forums (http://p2p.wrox.com/index.php)
-   ASP.NET 2.0 Professional (http://p2p.wrox.com/forumdisplay.php?f=215)
-   -   FileUpload.Hasfile Question (http://p2p.wrox.com/showthread.php?t=49025)

rit01 October 14th, 2006 10:02 AM

FileUpload.Hasfile Question
 
Hi All

I am wanting to restrict my upload to only accepting JPG files. I have the following code to do so:

If FileUpload1.HasFile Then
            Dim objRegex As Regex = New Regex("(.*?)\.jpg")
            If Not objRegex.IsMatch(FileUpload1.PostedFile.FileName) Then
                lblstatus.Text = "Invalid Image format. Please make sure to use JPEG format (.jpg)."
         End If
End If

Using this code, would the file have been uploaded in ANY WAY before the check has been performed?.. there seems to be diferring opinion on the Net regarding the anwser.

Many thanks

Rit

Imar October 15th, 2006 11:11 AM

Hi Rit,

Yes, at that stage the file has already been uploaded completely. You can use the posted file right away.

To see for yourself, you could upload a large file and set a breakpoint in your code where the extension is checked. You'll see that you have to wait for the file to be uploaded before the code breaks.
You can also set a Watch in Visual Studio for FileUpload1.PostedFile. You'll see that in your If check the posted file has a ContentLength that matches the size of your uploaded file.

HtH,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Want to be my colleague? Then check out this post.

rit01 October 15th, 2006 01:51 PM

Hi Imar

I hope you are keeping well. Thanks for the advice.

Is there a way to check the file type prior to it being uploaded using ASP.NET/VB?... do you recommend a method within your ASP.NET 2 Instant Results book that I could turn to?.. little plug for you :-)

Many thanks
Rit

Shasur October 15th, 2006 11:37 PM

Hi Imar & Rit

Does that mean that we should do some client-side validation using javascript to check the file extension?

Regards
Shasur

http://www.vbadud.blogspot.com

rit01 October 16th, 2006 03:04 AM

Hi Shasur

That is exactly what I have been advised elsewhere unless their is a .Net alternative.

Rit

Imar October 16th, 2006 03:15 AM

Yes, that's one way to do it. However, you still need to validate at the server as well, because it's easy to disable JavaScript.

For an IE solution only, you can take a look at Persits' XUpload: http://xupload.aspupload.com/index.html

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.

rit01 October 16th, 2006 03:24 AM

Hi Imar

I suppose another alternative is to use a Regular Expression... RigExLib seem to have quite a few to offer.. http://regexlib.com/Search.aspx?k=file%20type

Many thanks

Rit

Imar October 16th, 2006 05:52 AM

Your original example already featured a regular expression....

But, I don't think using regular expressions is an alternative. It's just a technique to check a string for a certain expression. You still need to determine where to perform the check: at the client and the server, or only at the server.

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.

rit01 October 18th, 2006 10:36 AM

cool, client side script it is.

Thanks All

Rit

Imar October 18th, 2006 02:25 PM

Hi Rit,

Maybe you missed the point from my previous post? If you use client side validation, you *also* need server side validation. You should see client side validation as a courtesy to the user only. It would be too easy to disable client side script (or construct my own form) and upload an .exe file instead of a .jpg file. This could be a potential security risk.

So, use client side validation to make your users happy; you'll prevent them from uploading incorrect files by mistake. Use server side validation to make sure the stuff that is being sent to your server matches your expectations.

HtH,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
While typing this post, I was listening to: Sweet Release by Tindersticks (Track 5 from the album: Can our love...) What's This?


All times are GMT -4. The time now is 04:34 AM.

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.