一个自己写的真正判断文件格式,文件大小,而并不仅仅从扩展名来进行判断的上传方法,进一步加强防止软件或恶意的木马图片上传
2007-12-20 23:20
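// Call site: code-behind of the page that hosts FileUpload1.
if (FileUpload1.HasFile)
{
    // UploadPic reports failure in-band: any return value containing "您" is treated as an
    // error message. On success it returns the client-supplied file name, so a legitimate
    // upload whose name contains "您" is also routed into the error branch below.
    string result = myfunction.UploadPic(this.FileUpload1, myfunction.Getcompanylogopath());
    if (result.IndexOf("您") != -1)
    {
        // The text may be the client-supplied file name, so it is encoded before being placed
        // inside the single-quoted script literal (quotes, backslashes and angle brackets are
        // escaped). HttpUtility.JavaScriptStringEncode requires .NET Framework 4.0 or later.
        string encoded = System.Web.HttpUtility.JavaScriptStringEncode(result);
        Page.RegisterClientScriptBlock("err", "<script language=javascript>alert('" + encoded + "');</script>");
    }
    else
    {
        // Upload accepted; the original listing takes no further action here.
    }
}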
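/// <summary>
/// Validates an uploaded picture (extension allowlist, size limit, decoded image format) and,
/// only if every check passes, saves it under a date-named subfolder of
/// <paramref name="SavePath"/> using a server-generated file name.
/// </summary>
/// <param name="FileUpload1">The upload control that holds the posted file.</param>
/// <param name="SavePath">
/// Base directory. It is concatenated directly with the folder name, so it is expected to end
/// with a path separator.
/// </param>
/// <returns>
/// An empty string when no file was posted; a user-facing error message when the upload is
/// rejected; otherwise the original client-supplied file name (not the stored name).
/// </returns>
/// <remarks>
/// The content is decoded from the request stream before anything is written to disk, so a
/// rejected upload never exists under the save path, not even briefly. The format check only
/// shows that GDI+ recognises the data as GIF, JPEG or PNG; it does not remove any extra bytes
/// the file carries. Re-encoding the image and serving the folder with script execution
/// disabled are stronger controls.
/// NOTE(review): the success value is client-controlled text; callers must encode it before
/// writing it into HTML or script.
/// </remarks>
public string UploadPic(FileUpload FileUpload1,string SavePath)
{
    const string invalidFormatMessage = "对不起,您上传的图象格式为非法,请勿上传未知图片格式";

    string filename = string.Empty;
    string retstr = string.Empty;
    if (!FileUpload1.HasFile)
    {
        return retstr;
    }

    string dirpath = SavePath;
    filename = FileUpload1.FileName;
    string[] myfile = filename.Split('.');
    int maxkb = this.GetUploadPicturemax();

    // Only the last dot-separated segment is used, and only after it matches the allowlist.
    // Invariant lower-casing keeps the comparison independent of the server culture.
    string dotname = myfile[myfile.Length - 1].ToLowerInvariant();

    // Read the clock once so the folder name and the file name cannot straddle a date change.
    DateTime now = DateTime.Now;
    string folder = now.Year.ToString() + now.Month.ToString() + now.Day.ToString();

    if (dotname != "gif" && dotname != "jpg" && dotname != "png")
    {
        retstr = "您上传的文件格式错误,请使用gif,jpg或png文件";
        return retstr;
    }

    // Full path of the stored file; stays empty until a write is attempted.
    string storedPath = string.Empty;
    try
    {
        // Compare in bytes: dividing by 1024 first would let up to 1023 extra bytes through.
        if ((long)FileUpload1.PostedFile.ContentLength > (long)maxkb * 1024)
        {
            retstr = "对不起,您上传的图片文件太大,最大不能超过" + maxkb.ToString() + "kb";
            return retstr;
        }

        // Decode from the request stream before touching the file system. FromStream throws
        // for data that is not an image, which the catch below reports as an invalid format.
        System.IO.Stream input = FileUpload1.PostedFile.InputStream;
        bool allowedFormat;
        using (System.Drawing.Image image = System.Drawing.Image.FromStream(input))
        {
            Guid format = image.RawFormat.Guid;
            allowedFormat = format == System.Drawing.Imaging.ImageFormat.Gif.Guid
                || format == System.Drawing.Imaging.ImageFormat.Jpeg.Guid
                || format == System.Drawing.Imaging.ImageFormat.Png.Guid;
        }

        if (!allowedFormat)
        {
            retstr = invalidFormatMessage;
            return retstr;
        }

        // Rewind so the save below starts from the first byte.
        if (input.CanSeek)
        {
            input.Position = 0;
        }

        if (!System.IO.Directory.Exists(dirpath + folder))
        {
            System.IO.Directory.CreateDirectory(dirpath + folder);
        }

        // The stored name is generated on the server; nothing from the client-supplied name
        // except the allowlisted extension reaches the file system.
        Random myrdn = new Random();
        string newfilename = now.Year.ToString() + now.Month.ToString() + now.Day.ToString() + now.Hour.ToString() + now.Minute.ToString() + now.Second.ToString() + myrdn.Next(10000).ToString() + "." + dotname;
        storedPath = dirpath + folder + "//" + newfilename;
        FileUpload1.SaveAs(storedPath);

        retstr = filename;
    }
    catch
    {
        // Best effort, as in the original: every failure is reported as an invalid image and
        // any partially written file is removed.
        retstr = invalidFormatMessage;
        if (storedPath.Length > 0 && System.IO.File.Exists(storedPath))
        {
            System.IO.File.Delete(storedPath);
        }
    }

    return retstr;
}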
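// Call site: code-behind of the page that hosts FileUpload1.
if (FileUpload1.HasFile)
{
    // UploadPic reports failure in-band: any return value containing "您" is treated as an
    // error message. On success it returns the client-supplied file name, so a legitimate
    // upload whose name contains "您" is also routed into the error branch below.
    string result = myfunction.UploadPic(this.FileUpload1, myfunction.Getcompanylogopath());
    if (result.IndexOf("您") != -1)
    {
        // The text may be the client-supplied file name, so it is encoded before being placed
        // inside the single-quoted script literal (quotes, backslashes and angle brackets are
        // escaped). HttpUtility.JavaScriptStringEncode requires .NET Framework 4.0 or later.
        string encoded = System.Web.HttpUtility.JavaScriptStringEncode(result);
        Page.RegisterClientScriptBlock("err", "<script language=javascript>alert('" + encoded + "');</script>");
    }
    else
    {
        // Upload accepted; the original listing takes no further action here.
    }
}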
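/// <summary>
/// Validates an uploaded picture (extension allowlist, size limit, decoded image format) and,
/// only if every check passes, saves it under a date-named subfolder of
/// <paramref name="SavePath"/> using a server-generated file name.
/// </summary>
/// <param name="FileUpload1">The upload control that holds the posted file.</param>
/// <param name="SavePath">
/// Base directory. It is concatenated directly with the folder name, so it is expected to end
/// with a path separator.
/// </param>
/// <returns>
/// An empty string when no file was posted; a user-facing error message when the upload is
/// rejected; otherwise the original client-supplied file name (not the stored name).
/// </returns>
/// <remarks>
/// The content is decoded from the request stream before anything is written to disk, so a
/// rejected upload never exists under the save path, not even briefly. The format check only
/// shows that GDI+ recognises the data as GIF, JPEG or PNG; it does not remove any extra bytes
/// the file carries. Re-encoding the image and serving the folder with script execution
/// disabled are stronger controls.
/// NOTE(review): the success value is client-controlled text; callers must encode it before
/// writing it into HTML or script.
/// </remarks>
public string UploadPic(FileUpload FileUpload1,string SavePath)
{
    const string invalidFormatMessage = "对不起,您上传的图象格式为非法,请勿上传未知图片格式";

    string filename = string.Empty;
    string retstr = string.Empty;
    if (!FileUpload1.HasFile)
    {
        return retstr;
    }

    string dirpath = SavePath;
    filename = FileUpload1.FileName;
    string[] myfile = filename.Split('.');
    int maxkb = this.GetUploadPicturemax();

    // Only the last dot-separated segment is used, and only after it matches the allowlist.
    // Invariant lower-casing keeps the comparison independent of the server culture.
    string dotname = myfile[myfile.Length - 1].ToLowerInvariant();

    // Read the clock once so the folder name and the file name cannot straddle a date change.
    DateTime now = DateTime.Now;
    string folder = now.Year.ToString() + now.Month.ToString() + now.Day.ToString();

    if (dotname != "gif" && dotname != "jpg" && dotname != "png")
    {
        retstr = "您上传的文件格式错误,请使用gif,jpg或png文件";
        return retstr;
    }

    // Full path of the stored file; stays empty until a write is attempted.
    string storedPath = string.Empty;
    try
    {
        // Compare in bytes: dividing by 1024 first would let up to 1023 extra bytes through.
        if ((long)FileUpload1.PostedFile.ContentLength > (long)maxkb * 1024)
        {
            retstr = "对不起,您上传的图片文件太大,最大不能超过" + maxkb.ToString() + "kb";
            return retstr;
        }

        // Decode from the request stream before touching the file system. FromStream throws
        // for data that is not an image, which the catch below reports as an invalid format.
        System.IO.Stream input = FileUpload1.PostedFile.InputStream;
        bool allowedFormat;
        using (System.Drawing.Image image = System.Drawing.Image.FromStream(input))
        {
            Guid format = image.RawFormat.Guid;
            allowedFormat = format == System.Drawing.Imaging.ImageFormat.Gif.Guid
                || format == System.Drawing.Imaging.ImageFormat.Jpeg.Guid
                || format == System.Drawing.Imaging.ImageFormat.Png.Guid;
        }

        if (!allowedFormat)
        {
            retstr = invalidFormatMessage;
            return retstr;
        }

        // Rewind so the save below starts from the first byte.
        if (input.CanSeek)
        {
            input.Position = 0;
        }

        if (!System.IO.Directory.Exists(dirpath + folder))
        {
            System.IO.Directory.CreateDirectory(dirpath + folder);
        }

        // The stored name is generated on the server; nothing from the client-supplied name
        // except the allowlisted extension reaches the file system.
        Random myrdn = new Random();
        string newfilename = now.Year.ToString() + now.Month.ToString() + now.Day.ToString() + now.Hour.ToString() + now.Minute.ToString() + now.Second.ToString() + myrdn.Next(10000).ToString() + "." + dotname;
        storedPath = dirpath + folder + "//" + newfilename;
        FileUpload1.SaveAs(storedPath);

        retstr = filename;
    }
    catch
    {
        // Best effort, as in the original: every failure is reported as an invalid image and
        // any partially written file is removed.
        retstr = invalidFormatMessage;
        if (storedPath.Length > 0 && System.IO.File.Exists(storedPath))
        {
            System.IO.File.Delete(storedPath);
        }
    }

    return retstr;
}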