下面是Isolated用asp.net做的一个检测上传文件类型的小程序上传文件检测类型到目前为止我只看到过3种,第一种是检测文件的后缀名;第二种是检测文件的头部编码,不同类型文件的头部编码是不一样的(比如255216是jpg,7173是gif,6677是BMP,13780是PNG,7790是exe,8297是rar等);第三中是检测文件的MIME内容类型。这篇文章代码多有参考网络,特此说明。
前台文件:三种方法的前台文件是一样的.
view source <http://www.baoluowanxiang.com/a/website/dotnet/>
print <http://www.baoluowanxiang.com><http://www.baoluowanxiang.com/a/website/>
1<%@ Page Language="C#" AutoEventWireup="true"?? CodeFile="Default.aspx.cs" Inherits="_Default" %><BR><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "<A href="<http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd%22%3E>" target=_blank><http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd>"></A><BR><html xmlns="<A href="<http://www.w3.org/1999/xhtml%22%C2%A0%3E>" target=_blank>http://www.w3.org/1999/xhtml" ></A><BR><head runat="server"><BR>???? <title>无标题页</title><BR></head><BR><body><BR>???? <form id="form1" runat="server"><BR>???? <div><BR>???????? <asp:FileUpload ID="FileUpload1" runat="server" /><BR>???????? <asp:Button ID="btn_upload" runat="server" <SPAN>OnClick</SPAN>="btn_upload_Click" Text="上传" /><BR>???? </div><BR>???? </form><BR></body><BR></html>
后台文件:
第一种方法:安全性相对第二种低,把文本文件1.txt改成1.jpg照样可以上传,但其实现方法容易理解,实现也简单,所以网上很多还是采取这种方法。
01public partial class _Default : System.Web.UI.Page
02{
03???? protected void btn_upload_Click(object sender, EventArgs e)
04???? {
05???????? Boolean fileOk = false;
06???????? string path = Server.MapPath("~/images/");
07???????? //判断是否已经选取文件
08???????? if (FileUpload1.HasFile)
09???????? {
10???????????? //取得文件的扩展名,并转换成小写
11???????????? string fileExtension = System.IO.Path.GetExtension(FileUpload1.FileName).ToLower();
12???????????? //限定只能上传jpg和gif图片
13???????????? string[] allowExtension = { ".jpg", ".gif" };
14???????????? //对上传的文件的类型进行一个个匹对
15???????????? for (int i = 0; i < allowExtension.Length; i++)
16???????????? {
17???????????????? if (fileExtension == allowExtension[i])
18???????????????? {
19???????????????????? fileOk = true;
20???????????????????? break;
21???????????????? }
22???????????? }
23???????? }
24???????? else
25???????? {
26???????????? Response.Write("<script>alert('你还没有选择文件');</script>");
27???????? }
28???????? //如果扩展名符合条件,则上传
29???????? if (fileOk)
30???????? {
31???????????? FileUpload1.PostedFile.SaveAs(path + FileUpload1.FileName);
32???????????? Response.Write("<script>alert('上传成功');</script>");
33???????? }
34???? }
35}
第二种方法,可以实现真正意义上的文件类型判断。
01public partial class _Default : System.Web.UI.Page
02{
03????? protected void btn_upload_Click(object sender, EventArgs e)
04???? {
05???????? try
06???????? {
07???????????? //判断是否已经选取文件
08???????????? if (FileUpload1.HasFile)
09???????????? {
10???????????????? if (IsAllowedExtension(FileUpload1))
11???????????????? {
12???????????????????? string path = Server.MapPath("~/images/");
13???????????????????? FileUpload1.PostedFile.SaveAs(path + FileUpload1.FileName);
14???????????????????? Response.Write("<script>alert('上传成功');</script>");
15???????????????? }
16???????????????? else
17???????????????? {
18???????????????????? Response.Write("<script>alert('您只能上传jpg或者gif图片');</script>");
19???????????????? }
20
21???????????? }
22???????????? else
23???????????? {
24???????????????? Response.Write("<script>alert('你还没有选择文件');</script>");
25???????????? }
26???????? }
27???????? catch (Exception error)
28???????? {
29???????????? Response.Write(error.ToString());
30???????? }
31???? }
32???? //真正判断文件类型的关键函数
33???? public static bool IsAllowedExtension(FileUpload hifile)
34???? {
35???????? System.IO.FileStream fs = new System.IO.FileStream(hifile.PostedFile.FileName, System.IO.FileMode.Open, System.IO.FileAccess.Read);
36???????? System.IO.BinaryReader r = new System.IO.BinaryReader(fs);
37???????? string fileclass = "";
38??????? //这里的位长要具体判断.
39???????? byte buffer;
40???????? try
41???????? {
42???????????? buffer = r.ReadByte();
43???????????? fileclass = buffer.ToString();
44???????????? buffer = r.ReadByte();
45???????????? fileclass += buffer.ToString();
46
47???????? }
48???????? catch
49???????? {
50
51???????? }
52???????? r.Close();
53???????? fs.Close();
54???????? if (fileclass == "255216" || fileclass == "7173")//说明255216是jpg;7173是gif;6677是BMP,13780是PNG;7790是exe,8297是rar
55???????? {
56???????????? return true;
57???????? }
58???????? else
59???????? {
60???????????? return false;
61???????? }
62
63???? }
64}
但缺点是FileStream只能访问本地文件,不能访问远程文件(请高人指点)。本人在本地测试没问题,但传到服务器上就出错,提示找不到文件。最后将System.IO.FileStream fs = new System.IO.FileStream(hifile.PostedFile.FileName, System.IO.FileMode.Open, System.IO.FileAccess.Read);
换成System.IO.Stream fs = hifile.PostedFile.InputStream;也不行。无奈只好放弃这方法。
第三种方法,其实是第一种方法的改进,把文本文件1.txt改成1.jpg不能上传了,不检测文件后缀而是检测文件MIME内容类型。
01public partial class _Default : System.Web.UI.Page
02{
03???? protected void btn_upload_Click(object sender, EventArgs e)
04???? {
05???????? Boolean fileOk = false;
06???????? string path = Server.MapPath("~/images/");
07???????? //判断是否已经选取文件
08???????? if (FileUpload1.HasFile)
09???????? {
10???????????? //取得文件MIME内容类型
11????????????? string type = this.uploadfile.PostedFile.ContentType.ToLower();
12????????????? if (type.Contains("image"))??? //图片的MIME类型为"image/xxx",这里只判断是否图片。
13????????????? {
14???????????????????? fileOk = true;
15????????????? }
16???????? }
17???????? else
18???????? {
19???????????? Response.Write("<script>alert('你还没有选择文件');</script>");
20???????? }
21???????? //如果扩展名符合条件,则上传
22???????? if (fileOk)
23???????? {
24???????????? FileUpload1.PostedFile.SaveAs(path + FileUpload1.FileName);
25???????????? Response.Write("<script>alert('上传成功');</script>");
26???????? }
27???? }
28}
总结:方法一虽然简单,但安全性不够;方法二虽然安全性没问题,但FileStream不能访问远程文件;方法三安全性应该与方法二相当,而且实现也简单,建议使用。
出自:包罗万象网
原文:http://www.baoluowanxiang.com/a/website/dotnet/2011/0116/2765.html