[转载]C#实现Web文件上传的两种方法

EvilOctal

团队执行官

Rank: 8 Rank: 8

E.S.T社区执行帐号

帖子: 9833
精华: 769
积分: 40415
阅读权限: 200
性别: 男
在线时间: 3978 小时
注册时间: 2004-7-4
最后登录: 2008-10-11

发短消息
加为好友
当前离线

楼主大中小发表于 2005-6-27 01:15 只看该作者

[转载]C#实现Web文件上传的两种方法

信息来源：太平洋电脑

1. C＃实现Web文件的上传

　　在Web编程中,我们常需要把一些本地文件上传到Web服务器上,上传后,用户可以通过浏览器方便地浏览这些文件，应用十分广泛。

　　那么使用C#如何实现文件上传的功能呢?下面笔者简要介绍一下。

　　首先,在你的Visual C# web project 中增加一个上传用的Web Form,为了要上传文件,需要在ToolBox中选择HTML类的File Field控件,将此控件加入到Web Form中,然而此时该控件还不是服务端控件,我们需要为它加上如下一段代码:<input id=uploadfile1 type=file size=49 runat="server">，这样它就成为服务端控件了,如果需要同时上传数个文件时,我们可以相应增加此控件。

　　需要注意的是代码中一定要把<form>的属性设置成为：

<form method=post encType=multipart/ form-data runat="server">

　　如果没有这个属性,就不能实现上传。

　　然后在此Web Form中增加一个Web Form类的Button,双击Button添加如下代码:

//上传图片的程序段
DateTime now = DateTime.Now ;
//取现在时间到DataTime类的对象now中
string strBaseLocation = "D:\\web\\FC\\pic\\";
//这是文件将上传到的服务器的绝对目录
if (uploadfile1.PostedFile.ContentLength != 0) //判断选取对话框选取的文件长度是否为0
{
uploadfile1.PostedFile.SaveAs(strBaseLocation+now.DayOfYear.ToString()+uploadfile1.PostedFile.ContentLength.ToString()+".jpg");
//执行上传,并自动根据日期和文件大小不同为文件命名,确保不重复
Label1.Text="图片1已经上传,文件名为:"+now.DayOfYear.ToString()+uploadfile1.PostedFile.ContentLength.ToString()+".jpg";
　navigator.Insert(System.Xml.TreePosition.After, XmlNodeType.Element,"pic1","","") ;
navigator.Insert(System.Xml.TreePosition.FirstChild, XmlNodeType.Text,"pic1","","") ;
navigator.Value= now.DayOfYear.ToString()+uploadfile1.PostedFile.ContentLength.ToString()+".jpg" ;
navigator.MoveToParent() ;
}

　　上面的代码用于笔者开发的一个使用XML文件存储新闻信息的系统中,后面几句代码作用是写上传文件信息到XML文件中。如果要上传其他类型文件,只需要将jpg改为相应类型的后缀名即可,如改为doc即可上传Word文件,浏览器即可直接浏览上传的Word文件。

　　【注意事项】

　　1. 上传文件不可以无限大;

　　2. 要注意IIS的安全性方面的配合;

　　3. 用Visual Studio 的安装项目做安装程序的时候,请注意安装程序所在的绝对路径问题;

　　4. 注意文件上传后的重名问题。

2. C＃实现Web文件的上传

using System;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI.HtmlControls;
using System.Drawing.Imaging;
using System.Configuration;
using System.Drawing;

namespace zhuanti
{
/// <summary>
/// 这是一个用于玩家投稿中实现玩家上传文件功能中用到的相应的函数的功能模块
/// </summary>
public class FileUpload
{
public enum File //定义一个人用于存放玩家上传文件信息的一个数组
{
FILE_SIZE , //大小
FILE_POSTNAME, //类型（文件后缀名）
FILE_SYSNAME , //系统名
FILE_ORGINNAME, //原来的名字
FILE_PATH //文件路径
}
private static Random rnd = new Random(); //获取一个随机数

public static string[] UploadFile(HtmlInputFile file,string Upload_Dir) //实现玩家文件上传功能的主函数
{
string[] arr = new String[5];
string FileName = GetUniquelyString(); //获取一个不重复的文件名
string FileOrginName = file.PostedFile.FileName.Substring

(file.PostedFile.FileName.LastIndexOf("\\")+1);//获取文件的原始名
if(file.PostedFile.ContentLength<=0)
{ return null; }
string postFileName;
string FilePath = Upload_Dir.ToString();
string path = FilePath + "\\";
try
{
int pos = file.PostedFile.FileName.LastIndexOf(".")+1;
postFileName = file.PostedFile.FileName.Substring(pos,file.PostedFile.FileName.Length-pos);
file.PostedFile.SaveAs(path+FileName+"."+postFileName); //存储指定的文件到指定的目录
}
catch(Exception exec)
{
throw(exec);
}

double unit = 1024;
double size = Math.Round(file.PostedFile.ContentLength/unit,2);
arr[(int)File.FILE_SIZE] = size.ToString(); //文件大小
arr[(int)File.FILE_POSTNAME] = postFileName; //文件类型（文件后缀名）
arr[(int)File.FILE_SYSNAME] = FileName; //文件系统名
arr[(int)File.FILE_ORGINNAME] = FileOrginName; //文件原来的名字
arr[(int)File.FILE_PATH]=path+FileName+"."+postFileName; //文件路径
return arr;
}

public static bool OperateDB(string sqlstr) //建立一个和数据库的关联
{
if (sqlstr==String.Empty)
return false;

SqlConnection myConnection = new SqlConnection(ConfigurationSettings.AppSettings["connstring"]);
SqlCommand myCommand = new SqlCommand(sqlstr, myConnection);

myConnection.Open();
myCommand.ExecuteNonQuery();
myConnection.Close();
return true;
}

public static string GetUniquelyString() //获取一个不重复的文件名
{
const int RANDOM_MAX_VALUE = 1000;
string strTemp,strYear,strMonth,strDay,strHour,strMinute,strSecond,strMillisecond;

DateTime dt =DateTime.Now;
int rndNumber = rnd.Next(RANDOM_MAX_VALUE);
strYear = dt.Year.ToString ();
strMonth = (dt.Month > 9)? dt.Month.ToString() : "0" + dt.Month.ToString();
strDay = (dt.Day > 9)? dt.Day.ToString() : "0" + dt.Day.ToString();
strHour = (dt.Hour > 9)? dt.Hour.ToString() : "0" + dt.Hour.ToString();
strMinute = (dt.Minute > 9)? dt.Minute.ToString() : "0" + dt.Minute.ToString();
strSecond = (dt.Second > 9)? dt.Second.ToString() : "0" + dt.Second.ToString();
strMillisecond = dt.Millisecond.ToString();

strTemp = strYear + strMonth + strDay +"_"+ strHour + strMinute + strSecond +"_"+ strMillisecond +"_"+ rndNumber.ToString () ;

return strTemp;
}
}
}

曾几何时，有人对我说：装B遭雷劈。我说：去你妈的。于是，这个人又对我说：如果再说脏话，上帝会惩罚你的。我说：我操上帝。结论：彪悍的人生不需要上帝。

TOP

hxinyuan

晶莹剔透§烈日灼然

Rank: 1

帖子: 2
精华: 0
积分: 15
阅读权限: 40
在线时间: 85 小时
注册时间: 2005-7-6
最后登录: 2007-11-14

发短消息
加为好友
当前离线

沙发大中小发表于 2005-10-7 17:01 只看该作者

我这里有一段上传程序,看看是否有漏洞:
<%@ Page language="c#" %>
<script runat="server">

// Messages
private string NoFileMessage = "您没有选择文件。";
private string UploadSuccessMessage = "上传成功";
private string UploadFailureMessage = "上传失败。";
private string NoImagesMessage = "该文件夹不存在或者是空的";
private string NoFolderSpecifiedMessage = "您要上传到的文件夹不存在。";
private string NoFileToDeleteMessage = "您没有选中要删除的文件。";
private string InvalidFileTypeMessage = "您无法上传这种类型的文件。";
private string[] AcceptedFileTypes = new string[] {"jpg","jpeg","jpe","gif","png"};

// Configuration
private bool UploadIsEnabled = true;    // 是否允许上传文件
private bool DeleteIsEnabled = true;    // 是否允许删除文件
private string DefaultImageFolder = "images";  // 默认的起始文件夹

private void Page_Load(object sender, System.EventArgs e) {
string isframe = "" + Request["frame"];

if (isframe != "") {
      MainPage.Visible = true;
      iframePanel.Visible = false;

      string rif = "" + Request["rif"];
      string cif = "" + Request["cif"];

      if (cif != "" && rif != "") {
         RootImagesFolder.Value = rif;
         CurrentImagesFolder.Value = cif;
      } else {
         RootImagesFolder.Value = DefaultImageFolder;
         CurrentImagesFolder.Value = DefaultImageFolder;
      }

      UploadPanel.Visible = UploadIsEnabled;
      DeleteImage.Visible = DeleteIsEnabled;

      string FileErrorMessage = "";
      string ValidationString = ".*(";
      //[\.jpg]|[\.jpeg]|[\.jpe]|[\.gif]|[\.png])$"
      for (int i=0;i<AcceptedFileTypes.Length; i++) {
         ValidationString += "[\\." + AcceptedFileTypes + "]";
         if (i < (AcceptedFileTypes.Length-1)) ValidationString += "|";
         FileErrorMessage += AcceptedFileTypes;
         if (i < (AcceptedFileTypes.Length-1)) FileErrorMessage += ", ";
      }
      FileValidator.ValidationExpression = ValidationString+")$";
      FileValidator.ErrorMessage=FileErrorMessage;

      if (!IsPostBack) {
         DisplayImages();
      }
} else {

}
}

public void UploadImage_OnClick(object sender, EventArgs e) {
if (Page.IsValid) {
      if (CurrentImagesFolder.Value != "") {
         if (UploadFile.PostedFile.FileName.Trim() != "") {
            if (IsValidFileType(UploadFile.PostedFile.FileName)) {
                  try {
                     string UploadFileName = "";
                     string UploadFileDestination = "";
                     UploadFileName = UploadFile.PostedFile.FileName;
                     UploadFileName = UploadFileName.Substring(UploadFileName.LastIndexOf("\\")+1);
                     UploadFileDestination = HttpContext.Current.Request.PhysicalApplicationPath;
                     UploadFileDestination += CurrentImagesFolder.Value;
                     UploadFileDestination += "\\";
                     UploadFile.PostedFile.SaveAs(UploadFileDestination + UploadFileName);
                     ResultsMessage.Text = UploadSuccessMessage;
                  } catch(Exception ex) {
                     //ResultsMessage.Text = "Your file could not be uploaded: " + ex.Message;
                     ResultsMessage.Text = UploadFailureMessage;
                  }
            } else {
                  ResultsMessage.Text = InvalidFileTypeMessage;
            }
         } else {
            ResultsMessage.Text = NoFileMessage;
         }
      } else {
         ResultsMessage.Text = NoFolderSpecifiedMessage;
      }
} else {
      ResultsMessage.Text = InvalidFileTypeMessage;

}
DisplayImages();
}

public void DeleteImage_OnClick(object sender, EventArgs e) {
if (FileToDelete.Value != "" && FileToDelete.Value != "undefined") {
      try {
         string AppPath = HttpContext.Current.Request.PhysicalApplicationPath;
         System.IO.File.Delete(AppPath  + CurrentImagesFolder.Value + "\\" + FileToDelete.Value);
         ResultsMessage.Text = "已删除: " + FileToDelete.Value;
      } catch(Exception ex) {
         ResultsMessage.Text = "删除失败。";
      }
} else {
      ResultsMessage.Text = NoFileToDeleteMessage;
}
DisplayImages();
}

private bool IsValidFileType(string FileName) {
string ext = FileName.Substring(FileName.LastIndexOf(".")+1,FileName.Length-FileName.LastIndexOf(".")-1);
for (int i=0; i<AcceptedFileTypes.Length; i++) {
      if (ext == AcceptedFileTypes) {
         return true;

      }
}
return false;
}

private string[] ReturnFilesArray() {
if (CurrentImagesFolder.Value != "") {
      try {
         string AppPath = HttpContext.Current.Request.PhysicalApplicationPath;
         string ImageFolderPath = AppPath + CurrentImagesFolder.Value;
         string[] FilesArray = System.IO.Directory.GetFiles(ImageFolderPath,"*");
         return FilesArray;


      } catch {

         return null;
      }
} else {
      return null;
}

}

private string[] ReturnDirectoriesArray() {
if (CurrentImagesFolder.Value != "") {
      try {
         string AppPath = HttpContext.Current.Request.PhysicalApplicationPath;
         string CurrentFolderPath = AppPath + CurrentImagesFolder.Value;
         string[] DirectoriesArray = System.IO.Directory.GetDirectories(CurrentFolderPath,"*");
         return DirectoriesArray ;
      } catch {
         return null;
      }
} else {
      return null;
}
}

public void DisplayImages() {
string[] FilesArray = ReturnFilesArray();
string[] DirectoriesArray = ReturnDirectoriesArray();
string AppPath = HttpContext.Current.Request.PhysicalApplicationPath;
string AppUrl;

//Get the application's URL
if (Request.ApplicationPath == "/")
      AppUrl = Request.ApplicationPath;
else
      AppUrl = Request.ApplicationPath + "/";

GalleryPanel.Controls.Clear();
if ( (FilesArray == null || FilesArray.Length == 0) && (DirectoriesArray == null || DirectoriesArray.Length == 0) ) {
      gallerymessage.Text = NoImagesMessage + ": " + RootImagesFolder.Value;
} else {
      string ImageFileName = "";
      string ImageFileLocation = "";

      int thumbWidth = 94;
      int thumbHeight = 94;

      if (CurrentImagesFolder.Value != RootImagesFolder.Value) {

         System.Web.UI.HtmlControls.HtmlImage myHtmlImage = new System.Web.UI.HtmlControls.HtmlImage();
         myHtmlImage.Src = AppUrl + "images/ftb/folder.up.gif";
         myHtmlImage.Attributes["unselectable"]="on";
         myHtmlImage.Attributes["align"]="absmiddle";
         myHtmlImage.Attributes["vspace"]="36";

         string ParentFolder = CurrentImagesFolder.Value.Substring(0,CurrentImagesFolder.Value.LastIndexOf("\\"));

         System.Web.UI.WebControls.Panel myImageHolder = new System.Web.UI.WebControls.Panel();
         myImageHolder.CssClass = "imageholder";
         myImageHolder.Attributes["unselectable"]="on";
         myImageHolder.Attributes["onclick"]="divClick(this,'');";
         myImageHolder.Attributes["ondblclick"]="gotoFolder('" + RootImagesFolder.Value + "','" + ParentFolder.Replace("\\","\\\\") + "');";
         myImageHolder.Controls.Add(myHtmlImage);

         System.Web.UI.WebControls.Panel myMainHolder = new System.Web.UI.WebControls.Panel();
         myMainHolder.CssClass = "imagespacer";
         myMainHolder.Controls.Add(myImageHolder);

         System.Web.UI.WebControls.Panel myTitleHolder = new System.Web.UI.WebControls.Panel();
         myTitleHolder.CssClass = "titleHolder";
         myTitleHolder.Controls.Add(new LiteralControl("向上"));
         myMainHolder.Controls.Add(myTitleHolder);

         GalleryPanel.Controls.Add(myMainHolder);

      }

      foreach (string _Directory in DirectoriesArray) {

         try {
            string DirectoryName = _Directory.ToString();


            System.Web.UI.HtmlControls.HtmlImage myHtmlImage = new System.Web.UI.HtmlControls.HtmlImage();
            myHtmlImage.Src = AppUrl + "images/ftb/folder.big.gif";
            myHtmlImage.Attributes["unselectable"]="on";
            myHtmlImage.Attributes["align"]="absmiddle";
            myHtmlImage.Attributes["vspace"]="29";

            System.Web.UI.WebControls.Panel myImageHolder = new System.Web.UI.WebControls.Panel();
            myImageHolder.CssClass = "imageholder";
            myImageHolder.Attributes["unselectable"]="on";
            myImageHolder.Attributes["onclick"]="divClick(this);";
            myImageHolder.Attributes["ondblclick"]="gotoFolder('" + RootImagesFolder.Value + "','" + DirectoryName.Replace(AppPath,"").Replace("\\","\\\\") + "');";
            myImageHolder.Controls.Add(myHtmlImage);

            System.Web.UI.WebControls.Panel myMainHolder = new System.Web.UI.WebControls.Panel();
            myMainHolder.CssClass = "imagespacer";
            myMainHolder.Controls.Add(myImageHolder);

            System.Web.UI.WebControls.Panel myTitleHolder = new System.Web.UI.WebControls.Panel();
            myTitleHolder.CssClass = "titleHolder";
            myTitleHolder.Controls.Add(new LiteralControl(DirectoryName.Replace(AppPath + CurrentImagesFolder.Value + "\\","")));
            myMainHolder.Controls.Add(myTitleHolder);

            GalleryPanel.Controls.Add(myMainHolder);
         } catch {
            // nothing for error
         }
      }

      foreach (string ImageFile in FilesArray) {

         try {

            ImageFileName = ImageFile.ToString();
            ImageFileName = ImageFileName.Substring(ImageFileName.LastIndexOf("\\")+1);
            ImageFileLocation = AppUrl;
            ImageFileLocation = ImageFileLocation.Substring(ImageFileLocation.LastIndexOf("\\")+1);
            //galleryfilelocation += "/";
            ImageFileLocation += CurrentImagesFolder.Value;
            ImageFileLocation += "/";
            ImageFileLocation += ImageFileName;
            System.Web.UI.HtmlControls.HtmlImage myHtmlImage = new System.Web.UI.HtmlControls.HtmlImage();
            myHtmlImage.Src = ImageFileLocation;
            System.Drawing.Image myImage = System.Drawing.Image.FromFile(ImageFile.ToString());
            myHtmlImage.Attributes["unselectable"]="on";
            //myHtmlImage.border=0;

            // landscape image
            if (myImage.Width > myImage.Height) {
                  if (myImage.Width > thumbWidth) {
                     myHtmlImage.Width = thumbWidth;
                     myHtmlImage.Height = Convert.ToInt32(myImage.Height * thumbWidth/myImage.Width);
                  } else {
                     myHtmlImage.Width = myImage.Width;
                     myHtmlImage.Height = myImage.Height;
                  }
            // portrait image
            } else {
                  if (myImage.Height > thumbHeight) {
                     myHtmlImage.Height = thumbHeight;
                     myHtmlImage.Width = Convert.ToInt32(myImage.Width * thumbHeight/myImage.Height);
                  } else {
                     myHtmlImage.Width = myImage.Width;
                     myHtmlImage.Height = myImage.Height;
                  }
            }

            if (myHtmlImage.Height < thumbHeight) {
                  myHtmlImage.Attributes["vspace"] = Convert.ToInt32((thumbHeight/2)-(myHtmlImage.Height/2)).ToString();
            }

            System.Web.UI.WebControls.Panel myImageHolder = new System.Web.UI.WebControls.Panel();
            myImageHolder.CssClass = "imageholder";
            myImageHolder.Attributes["onclick"]="divClick(this,'" + ImageFileName + "');";
            myImageHolder.Attributes["ondblclick"]="returnImage('" + ImageFileLocation.Replace("\\","/") + "','" + myImage.Width.ToString() + "','" + myImage.Height.ToString() + "');";
            myImageHolder.Controls.Add(myHtmlImage);

            System.Web.UI.WebControls.Panel myMainHolder = new System.Web.UI.WebControls.Panel();
            myMainHolder.CssClass = "imagespacer";
            myMainHolder.Controls.Add(myImageHolder);

            System.Web.UI.WebControls.Panel myTitleHolder = new System.Web.UI.WebControls.Panel();
            myTitleHolder.CssClass = "titleHolder";
            myTitleHolder.Controls.Add(new LiteralControl(ImageFileName + "<BR>" + myImage.Width.ToString() + "x" + myImage.Height.ToString()));
            myMainHolder.Controls.Add(myTitleHolder);

            //GalleryPanel.Controls.Add(myImage);
            GalleryPanel.Controls.Add(myMainHolder);

            myImage.Dispose();
         } catch {

         }
      }
      gallerymessage.Text = "";
}
}
</script>
<asp:panel id="MainPage" runat="server" visible="false">
<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
<HEAD>
<META HTTP-EQUIV="Expires" CONTENT="0">
<title>插入图片</title>
<style>

body {
margin: 0px 0px 0px 0px;
padding: 0px 0px 0px 0px;
background: #ffffff;
width: 100%;
overflow:hidden;
border: 0;
}

body,tr,td {
color: #000000;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 10pt;
}

div.imagespacer {
width: 120;
height: 126;
text-align: center;
float: left;
font: 10pt verdana;
margin: 5px;
overflow: hidden;
}
div.imageholder {
margin: 0px;
padding: 0px;
border: 1 solid #CCCCCC;
width: 100;
height: 100;
}

div.titleholder {
font-family: ms sans serif, arial;
font-size: 8pt;
width: 100;
text-overflow: ellipsis;
overflow: hidden;
white-space: nowrap;
}

</style>

<script language="javascript">
lastDiv = null;
function divClick(theDiv,filename) {
if (lastDiv) {
      lastDiv.style.border = "1 solid #CCCCCC";
}
lastDiv = theDiv;
theDiv.style.border = "2 solid #316AC5";

document.getElementById("FileToDelete").value = filename;

}
function gotoFolder(rootfolder,newfolder) {
window.navigate("ftb.imagegallery.aspx?frame=1&rif=" + rootfolder + "&cif=" + newfolder);
}
function returnImage(imagename,width,height) {
var arr = new Array();
arr["filename"] = imagename;
arr["width"] = width;
arr["height"] = height;
window.parent.returnValue = arr;
window.parent.close();
}
</script>
</HEAD>
<body>
<table width=100% height=100% cellpadding=0 cellspacing=0 border=0>

<FORM encType="multipart/form-data" runat="server">

<tr><td>
<div id="galleryarea" style="width=100%; height:100%; overflow: auto;">
      <asp:label id="gallerymessage" runat="server"></asp:label>
      <asp:panel id="GalleryPanel" runat="server"></asp:panel>
</div>
</td></tr>
<asp:Panel id="UploadPanel" runat="server">
<tr><td height=16 style="padding-left:10px;border-top: 1 solid #999999; background-color:#99ccff;">

<table>
<tr>
      <td valign=top><input id="UploadFile" type="file" name="UploadFile" runat="server" style="width:300;"/></td>
      <td valign=top><asp:button id="UploadImage" Text="上传" runat="server" onclick="UploadImage_OnClick" /></td>
      <td valign=top><asp:button id="DeleteImage" Text="删除" runat="server" onclick="DeleteImage_OnClick" /></td>
      <td valign=middle>
</tr>
<tr>
      <td colspan=3>
         <asp:RegularExpressionValidator runat="server"
            ControlToValidate="UploadFile"
            id="FileValidator" display="dynamic"/>
         <asp:literal id="ResultsMessage" runat="server" />
      </td>
</tr></table>
<input type="hidden" id="FileToDelete" Value="" runat="server" />
<input type="hidden" id="RootImagesFolder" Value="images" runat="server" />
<input type="hidden" id="CurrentImagesFolder" Value="images" runat="server" />
</td></tr>
</asp:panel>
</form>
</table>
</body>
</HTML>
</asp:panel>
<asp:panel id="iframePanel" runat="server" >
<html>
<head><title>插入图片</title></head>
<style>
body {
margin: 0px 0px 0px 0px;
padding: 0px 0px 0px 0px;
background: #ffffff;
overflow:hidden;
}
</style>
<body>
<iframe style="width:100%;height:100%;border:0;" border=0 frameborder=0 src="ftb.imagegallery.aspx?frame=1&<%=Request.QueryString%>"></iframe>
</body>
</html>
</asp:panel>

TOP

‹‹ 上一主题 | 下一主题 ››

邪恶八进制信息安全团队技术讨论组 » 脚本程序设计{ All Kinds of Scripts } » [转载]C#实现Web文件上传的两种方法