ASP. net three effective ways to determine the type of file being uploaded
- 2020-12-05 17:09:10
- OfStack
1. Low security. You can still upload the text file 1.txt to 1.jpg, but its implementation method is easy to understand and simple to implement, so many Internet users still adopt this method.
2. Do not detect file suffixes but file MIME content types.
3. Can realize the real sense of the file type judgment
Boolean fileOk = false;
string path = Server.MapPath("~/images/");
// Determines whether a file has been selected
if (FileUpload1.HasFile)
{
// Gets the extension of the file , And switch to lowercase
string fileExtension = System.IO.Path.GetExtension(FileUpload1.FileName).ToLower();
// Upload only limited jpg and gif The picture
string[] allowExtension = { ".jpg", ".gif" };
// Type of file to upload 1 Each piece of
int j = 0;
for (int i = 0; i < allowExtension.Length; i++)
{
if (fileExtension == allowExtension[i])
{
fileOk = true;
return;
}
else
{
j++;
}
}
if (j > 0)
{
Response.Write("<script>alert(' The file format is incorrect ');</script>");
return;
}
}
else
{
Response.Write("<script>alert(' You haven't selected the file yet ');</script>");
return;
}
// If the extension meets the criteria, upload
if (fileOk)
{
FileUpload1.PostedFile.SaveAs(path + FileUpload1.FileName);
Response.Write("<script>alert(' Uploaded successfully ');</script>");
}
2. Do not detect file suffixes but file MIME content types.
Boolean fileOk = false;
string path = Server.MapPath("~/images/");
// Determines whether a file has been selected
if (FileUpload1.HasFile)
{
// A file MIME Content type
string type = this.FileUpload1.PostedFile.ContentType.ToLower();
if (type.Contains("image")) // The image MIME A type of "image/xxx" Here, only the image is judged.
{
fileOk = true;
}
else
{
Response.Write("<script>alert(' Incorrect format ')</script>");
}
}
else
{
Response.Write("<script>alert(' You haven't selected the file yet ');</script>");
}
// If the extension meets the criteria, upload
if (fileOk)
{
FileUpload1.PostedFile.SaveAs(path + FileUpload1.FileName);
Response.Write("<script>alert(' Uploaded successfully ');</script>");
}
3. Can realize the real sense of the file type judgment
try
{
// Determines whether a file has been selected
if (FileUpload1.HasFile)
{
if (IsAllowedExtension(FileUpload1))
{
string path = Server.MapPath("~/images/");
FileUpload1.PostedFile.SaveAs(path + FileUpload1.FileName);
Response.Write("<script>alert(' Uploaded successfully ');</script>");
}
else
{
Response.Write("<script>alert(' You can only upload jpg or gif The picture ');</script>");
}
}
else
{
Response.Write("<script>alert(' You haven't selected the file yet ');</script>");
}
}
catch (Exception error)
{
Response.Write(error.ToString());
}
#endregion
}
// The key function that really determines the file type
public static bool IsAllowedExtension(FileUpload hifile)
{
System.IO.FileStream fs = new System.IO.FileStream(hifile.PostedFile.FileName, System.IO.FileMode.Open, System.IO.FileAccess.Read);
System.IO.BinaryReader r = new System.IO.BinaryReader(fs);
string fileclass = "";
// You have to be specific about the bit length here .
byte buffer;
try
{
buffer = r.ReadByte();
fileclass = buffer.ToString();
buffer = r.ReadByte();
fileclass += buffer.ToString();
}
catch
{
}
r.Close();
fs.Close();
if (fileclass == "255216" || fileclass == "7173")// instructions 255216 is jpg;7173 is gif;6677 is BMP,13780 is PNG;7790 is exe,8297 is rar
{
return true;
}
else
{
return false;
}
}