Two methods to restrict the types of uploaded files

Source: Internet
Author: User
Generally, programs need to prevent users from uploading harmful files (such as Trojans and hacking tools). This article introduces how to use the built-in properties of the Web controls in ASP.NET applications to easily and efficiently limit the upload file type. Before calling the SaveAs method of the PostedFile object to save the uploaded file, you can obtain the uploaded file's name through the FileName property of the PostedFile object. With the file name, you can check whether the uploaded file belongs to an allowed file type by comparing the file suffix.
Based on this idea, we get the following code:
    ' Reject the upload unless the file name ends in .zip
    If Path.GetExtension(sFilePath) <> ".zip" Then
        Label2.Text = "This application only allows uploading ZIP files. Please select again!"
        Return
    End If
With this check in place, a file that is not a ZIP file cannot be uploaded. However, this does not mean that files in other formats can never be uploaded. In fact, if you change the file suffix to zip before uploading, the above code becomes useless.
The reason is that the check above only compares the file name string and does not analyze the file format any further. Therefore, to fully restrict the type of the uploaded file, you also need to use the ContentType property of the PostedFile object. The ContentType property returns the MIME (Note 1) content type of the file sent by the client. The browser determines the MIME type of the content before sending the request to the server, and submits the MIME type to the server as part of the request. Therefore, with the MIME type information (Note 2), you can learn the actual type of the uploaded file as the browser determined it.
    If File1.PostedFile.ContentType <> "application/zip" Then
        Label2.Text = "This application only allows uploading ZIP files. Please select again!"
        Return
    End If
Now, if you try to upload a file by changing its suffix, you will find that the file can no longer be uploaded.
Note 1: MIME (Multipurpose Internet Mail Extensions) is a technical specification, mainly used to represent files of different encoding formats during Internet transmission.
Note 2: To obtain the MIME definitions of different file formats, start the Registry Editor and find the registry key corresponding to the suffix under HKEY_CLASSES_ROOT. If a MIME definition exists for the file format, the right-hand pane shows a value named "Content Type", and its data is the MIME definition of that file format.

When the two methods above are used in combination, file uploads are basically restricted. However, if a determined user changes the MIME value in the registry, they can still upload malicious programs. In that case, the only options are to harden the program, have the system change the extension of uploaded files, or use custom controls that apply more rigorous detection measures.
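
One form the "more rigorous detection" above can take is to read the file's leading bytes on the server, since both the file name and the MIME type are supplied by the client. This is an added example, not code from the original article; the module and function names are hypothetical, and the three parameters stand for PostedFile.FileName, PostedFile.ContentType and PostedFile.InputStream (assumed to be seekable).

```vb
Imports System
Imports System.IO

Module UploadCheck
    ' ZIP archives start with "PK" 03 04, or "PK" 05 06 for an empty archive.
    Private ReadOnly ZipSignatures As Byte()() = New Byte()() {
        New Byte() {&H50, &H4B, &H3, &H4},
        New Byte() {&H50, &H4B, &H5, &H6}}

    ' Compares the first four bytes of the stream with the ZIP signatures.
    ' A stream shorter than four bytes is treated as "not a ZIP file".
    Function HasZipSignature(content As Stream) As Boolean
        Dim header(3) As Byte
        content.Position = 0
        Dim bytesRead As Integer = content.Read(header, 0, header.Length)
        content.Position = 0 ' rewind so the caller can still save the file
        If bytesRead < header.Length Then Return False
        For Each sig As Byte() In ZipSignatures
            Dim match As Boolean = True
            For i As Integer = 0 To sig.Length - 1
                If header(i) <> sig(i) Then match = False
            Next
            If match Then Return True
        Next
        Return False
    End Function

    ' Applies the article's two checks (suffix, MIME type), which rely on
    ' client-supplied values, then the server-side content check.
    Function IsAllowedZipUpload(fileName As String, contentType As String, content As Stream) As Boolean
        Dim ext As String = Path.GetExtension(fileName)
        If Not String.Equals(ext, ".zip", StringComparison.OrdinalIgnoreCase) Then Return False
        If contentType <> "application/zip" Then Return False
        Return HasZipSignature(content)
    End Function

    Sub Main()
        ' Constructed sample inputs: a ZIP header, and an executable ("MZ") header renamed to .zip.
        Dim realZip As New MemoryStream(New Byte() {&H50, &H4B, &H3, &H4, 0, 0})
        Dim renamedExe As New MemoryStream(New Byte() {&H4D, &H5A, &H90, &H0, 0, 0})
        Console.WriteLine(IsAllowedZipUpload("docs.zip", "application/zip", realZip))
        Console.WriteLine(IsAllowedZipUpload("tool.zip", "application/zip", renamedExe))
    End Sub
End Module
```

In the upload handler, a check like this would run before SaveAs is called. A matching signature only shows that the file begins like a ZIP archive, not that its contents are harmless.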
