C#检测上传文件真正类型的方法
本文实例讲述了C#检测上传文件真正类型的方法。分享给大家供大家参考。具体分析如下:
对于用户上传的文件如果只是根据扩展名判断,很容易上传上来可执行文件,这是非常危险的,这段代码可以在服务器端检测上传文件的真实类型。
<%@ Page Language="C#" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <script runat="server"> void Alert(string s) { Page.ClientScript.RegisterStartupScript(Page.GetType(), "js", "alert('" + s + "')", true); } protected void Button1_Click(object sender, EventArgs e) { saveFile(); } protected String saveFile() { String MaxSize = "1024"; //最大文件大小 int imgMaxSize = Convert.ToInt32(MaxSize) * 1024 * 1024; HttpPostedFile imgFile = FuImg.PostedFile; if (imgFile == null || FuImg.FileName == "") { Alert("请选择文件。"); return ""; } String dirPath = Server.MapPath("~/"); string saveUrl = Page.ResolveUrl("~/"); if (!System.IO.Directory.Exists(dirPath)) { Alert("上传目录不存在。"); return ""; } String fileName = imgFile.FileName; String fileExt = System.IO.Path.GetExtension(fileName).ToLower(); if (imgFile.InputStream == null || imgFile.InputStream.Length > imgMaxSize) { Alert("上传文件大小超过限制。"); return ""; } //验证文件格式 String fpath = IsAllowedExtension(imgFile); if ("" == fpath) { Alert("图片格式不正确。"); return ""; } String ymd = DateTime.Now.ToString("yyyyMMdd", System.Globalization.DateTimeFormatInfo.InvariantInfo); dirPath += ymd + "/"; saveUrl = saveUrl + ymd + "/"; //判断目录是否存在 if (!System.IO.Directory.Exists(dirPath)) { //创建目录 System.IO.Directory.CreateDirectory(dirPath); } String newFileName = Guid.NewGuid().ToString() + fileExt; //图片名字 String filePath = dirPath + newFileName; System.IO.File.Move(fpath, filePath); String fileUrl = saveUrl + newFileName; Img.ImageUrl = fileUrl; //ImageUrl = saveUrl + newFileName; return fileUrl; } public String IsAllowedExtension(HttpPostedFile f) { String newFile = Server.MapPath("~/" + System.Guid.NewGuid().ToString("D") + ".tmp"); f.SaveAs(newFile); System.IO.FileStream fs = new System.IO.FileStream(newFile, System.IO.FileMode.Open, System.IO.FileAccess.Read); System.IO.BinaryReader r = new System.IO.BinaryReader(fs); string fileclass = ""; byte buffer; buffer = r.ReadByte(); fileclass = buffer.ToString(); buffer = r.ReadByte(); fileclass += buffer.ToString(); r.Close(); fs.Close(); /* 文件扩展名说明 *7173 gif *255216 jpg *13780 png *6677 bmp */ Dictionary<String, String> ftype = new Dictionary<string, string>(); //添加允许的文件类型 ftype.Add("7173", "gif"); ftype.Add("255216", "jpg"); ftype.Add("13780", "png"); ftype.Add("6677", "bmp"); if (ftype.ContainsKey(fileclass)) { return newFile; } else { System.IO.File.Delete(newFile); return ""; } } </script> <html xmlns="http://www.w3.org/1999/xhtml"> <head id="Head1" runat="server"> </head> <body> <form id="form1" runat="server"> <asp:FileUpload ID="FuImg" runat="server" /> <asp:Button ID="Button1" runat="server" OnClick="Button1_Click" Text="上传测试" /> <asp:Image ID="Img" runat="server" /> </form> </body> </html>
希望本文所述对大家的C#程序设计有所帮助。
赞 (0)