# Region 1. The security is relatively low. You can change the hosts file 1.txtto 1.jpg, but the implementation method is easy to understand and easy to implement. Therefore, many online users still adopt this method.
Boolean fileOk = false;
String path = Server. MapPath ("~ /Images /");
// Determine whether a file has been selected
If (FileUpload1.HasFile)
{
// Get the file extension and convert it to lowercase
String fileExtension = System. IO. Path. GetExtension (FileUpload1.FileName). ToLower ();
// Only jpg and GIF images can be uploaded.
String [] allowExtension = {". jpg", ". gif "};
// Perform one-by-one matching on the types of uploaded files
Int j = 0;
For (int I = 0; I <allowExtension. Length; I ++)
{
If (fileExtension = allowExtension [I])
{
FileOk = true;
Return;
}
Else
{
J ++;
}
}
If (j> 0)
{
Response. Write ("<script> alert ('file format incorrect '); </script> ");
Return;
}
}
Else
{
Response. Write ("<script> alert ('you have not selected file'); </script> ");
Return;
}
// Upload if the extension meets the criteria
If (fileOk)
{
FileUpload1.PostedFile. SaveAs (path + FileUpload1.FileName );
Response. Write ("<script> alert ('uploaded successfully'); </script> ");
}
# Endregion
# Region 2. Check the MIME content type of the file instead of the file suffix.
Boolean fileOk = false;
String path = Server. MapPath ("~ /Images /");
// Determine whether a file has been selected
If (FileUpload1.HasFile)
{
// Obtain the object MIME content type
String type = this. FileUpload1.PostedFile. ContentType. ToLower ();
If (type. Contains ("image") // The MIME type of the image is "image/xxx". Only the image is determined here.
{
FileOk = true;
}
Else
{
Response. Write ("<script> alert ('incorrectly formatted ') </script> ");
}
}
Else
{
Response. Write ("<script> alert ('you have not selected file'); </script> ");
}
// Upload if the extension meets the criteria
If (fileOk)
{
FileUpload1.PostedFile. SaveAs (path + FileUpload1.FileName );
Response. Write ("<script> alert ('uploaded successfully'); </script> ");
}
# Endregion # region can be used to determine the file type in the true sense.
Try
{
// Determine whether a file has been selected
If (FileUpload1.HasFile)
{
If (IsAllowedExtension (FileUpload1 ))
{
String path = Server. MapPath ("~ /Images /");
FileUpload1.PostedFile. SaveAs (path + FileUpload1.FileName );
Response. Write ("<script> alert ('uploaded successfully'); </script> ");
}
Else
{
Response. Write ("<script> alert ('you can only upload jpg or GIF image'); </script> ");
}
}
Else
{
Response. Write ("<script> alert ('you have not selected file'); </script> ");
}
}
Catch (Exception error)
{
Response. Write (error. ToString ());
}
# Endregion
} // Key functions that really determine the file type
Public static bool IsAllowedExtension (FileUpload hifile)
{
System. IO. FileStream fs = new System. IO. FileStream (hifile. PostedFile. FileName, System. IO. FileMode. Open, System. IO. FileAccess. Read );
System. IO. BinaryReader r = new System. IO. BinaryReader (fs );
String fileclass = "";
// Determine the bit length here.
Byte buffer;
Try
{
Buffer = r. ReadByte ();
Fileclass = buffer. ToString ();
Buffer = r. ReadByte ();
Fileclass + = buffer. ToString ();
}
Catch
{
}
R. Close ();
Fs. Close ();
If (fileclass = "255216" | fileclass = "7173") // The 255216 is jpg, 7173 is gif, 6677 is BMP, 13780 is PNG, and 7790 is exe, 8297 is rar
{
Return true;
}
Else
{
Return false;
}
}