• 用ASP.net判断上传文件类型的三种方法


     一、 安全性比较低,把文本文件1.txt改成1.jpg照样可以上传,但其实现方法容易理解,实现也简单,所以网上很多还是采取这种方法。

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    Boolean fileOk = false;
              string path = Server.MapPath("~/images/");
              //判断是否已经选取文件
              if (FileUpload1.HasFile)
              {
                  //取得文件的扩展名,并转换成小写
                  string fileExtension = System.IO.Path.GetExtension(FileUpload1.FileName).ToLower();
                  //限定只能上传jpg和gif图片
                  string[] allowExtension = { ".jpg", ".gif" };
                  //对上传的文件的类型进行一个个匹对
                  int j = 0;
                  for (int i = 0; i < allowExtension.Length; i++)
                  {
                      if (fileExtension == allowExtension[i])
                      {
                          fileOk = true;
                          return;
                      }
                      else
                      {
                          j++;
                      }
                  }
                  if (j > 0)
                  {
                      Response.Write("<script>alert('文件格式不正确');</script>");
                      return;
                  }
              }
              else
              {
                  Response.Write("<script>alert('你还没有选择文件');</script>");
                  return;
              }
              //如果扩展名符合条件,则上传
              if (fileOk)
              {
                  FileUpload1.PostedFile.SaveAs(path + FileUpload1.FileName);
                  Response.Write("<script>alert('上传成功');</script>");
              }

      二、不检测文件后缀而是检测文件MIME内容类型。

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    Boolean fileOk = false;
               string path = Server.MapPath("~/images/");
               //判断是否已经选取文件
               if (FileUpload1.HasFile)
               {
                   //取得文件MIME内容类型
                   string type = this.FileUpload1.PostedFile.ContentType.ToLower();
                   if (type.Contains("image"))    //图片的MIME类型为"image/xxx",这里只判断是否图片。
                   {
                       fileOk = true;
     
                   }
                   else
                   {
                       Response.Write("<script>alert('格式不正确')</script>");
                   }
               }
               else
               {
                   Response.Write("<script>alert('你还没有选择文件');</script>");
               }
               //如果扩展名符合条件,则上传
               if (fileOk)
               {
                   FileUpload1.PostedFile.SaveAs(path + FileUpload1.FileName);
                   Response.Write("<script>alert('上传成功');</script>");
               }

      三、可以实现真正意义上的文件类型判断

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    try
                {
                    //判断是否已经选取文件
                    if (FileUpload1.HasFile)
                    {
                        if (IsAllowedExtension(FileUpload1))
                        {
                            string path = Server.MapPath("~/images/");
                            FileUpload1.PostedFile.SaveAs(path + FileUpload1.FileName);
                            Response.Write("<script>alert('上传成功');</script>");
                        }
                        else
                        {
                            Response.Write("<script>alert('您只能上传jpg或者gif图片');</script>");
                        }
     
                    }
                    else
                    {
                        Response.Write("<script>alert('你还没有选择文件');</script>");
                    }
                }
                catch (Exception error)
                {
                    Response.Write(error.ToString());
                }
                #endregion
            }
    //真正判断文件类型的关键函数
            public static bool IsAllowedExtension(FileUpload hifile)
            {
                System.IO.FileStream fs = new System.IO.FileStream(hifile.PostedFile.FileName, System.IO.FileMode.Open, System.IO.FileAccess.Read);
                System.IO.BinaryReader r = new System.IO.BinaryReader(fs);
                string fileclass = "";
                //这里的位长要具体判断.
                byte buffer;
                try
                {
                    buffer = r.ReadByte();
                    fileclass = buffer.ToString();
                    buffer = r.ReadByte();
                    fileclass += buffer.ToString();
     
                }
                catch
                {
     
                }
                r.Close();
                fs.Close();
                if (fileclass == "255216" || fileclass == "7173")//说明255216是jpg;7173是gif;6677是BMP,13780是PNG;7790是exe,8297是rar
                {
                    return true;
                }
                else
                {
                    return false;
                }
     
            }
     
  • 相关阅读:
    很难理解的三个设计模式
    设计模式思考(转)
    AOP
    CAP理论(摘)
    DDBS
    NoSql
    Enterprise Library 企业库
    padright padleft
    Process ProcessThread Thread
    053374
  • 原文地址:https://www.cnblogs.com/ranran/p/asp_net_upload.html
Copyright © 2020-2023  润新知