There are several methods you can use to control the types of files that are uploaded to the server. Unfortunately, there is no bullet-proof method to protect you from someone uploading files that would be considered malicious. You can take a few steps, however, to make this process of allowing end users to upload files a little more manageable.
One nice method you can employ is to use the ASP.NET validation controls that are provided for free with ASP.NET. These controls enable you to do a regular-expression check upon the file that is being uploaded to see if the extension of the file is one you permit to be uploaded.
For example:
<asp:RegularExpressionValidator
    id="RegularExpressionValidator1"
    runat="server"
    ErrorMessage="Only zip file is allowed!"
    ValidationExpression="^.+(\.zip|\.ZIP)$"
    ControlToValidate="FileUpload1">
</asp:RegularExpressionValidator>
This simple ASP.NET page uses validation controls so that the end user can only upload .zip files to the server. If the file's extension is not .zip, the validation control displays its error message on the page.
Using Validation controls is not a foolproof way of controlling the files that are uploaded to the server. It wouldn’t be too hard for someone to change the file extension of a file so it would be accepted and uploaded to the server, thereby bypassing this simple security model.
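A server-side check that does not rely on the file name alone, shown as an added example that is not part of the original article: it accepts the .zip extension in any letter case and then confirms that the uploaded bytes begin with a ZIP signature. The class name ZipUploadCheck and the method LooksLikeZip are hypothetical, and the sample inputs in Main are constructed.

```csharp
using System;
using System.IO;
using System.Text;

// Added example (not the article's code). Hypothetical helper, called from code-behind as:
//   if (ZipUploadCheck.LooksLikeZip(FileUpload1.FileName, FileUpload1.FileContent)) { /* SaveAs */ }
public static class ZipUploadCheck
{
    // ZIP signatures: "PK\x03\x04" (local file header) and "PK\x05\x06" (empty archive).
    static readonly byte[][] Signatures =
    {
        new byte[] { 0x50, 0x4B, 0x03, 0x04 },
        new byte[] { 0x50, 0x4B, 0x05, 0x06 },
    };

    public static bool LooksLikeZip(string fileName, Stream content)
    {
        // Case-insensitive extension check: .zip, .ZIP and .Zip all pass.
        if (fileName == null || !fileName.EndsWith(".zip", StringComparison.OrdinalIgnoreCase))
            return false;

        // Read the first four bytes; a stream shorter than that cannot be a ZIP file.
        byte[] head = new byte[4];
        int read = 0;
        while (read < head.Length)
        {
            int n = content.Read(head, read, head.Length - read);
            if (n == 0) return false;
            read += n;
        }
        if (content.CanSeek) content.Position = 0; // rewind so the caller can still save it

        foreach (byte[] sig in Signatures)
        {
            bool match = true;
            for (int i = 0; i < sig.Length; i++)
                if (head[i] != sig[i]) { match = false; break; }
            if (match) return true;
        }
        return false;
    }

    public static void Main()
    {
        // Constructed samples: a ZIP header, and page markup renamed to .ZIP.
        byte[] zip = { 0x50, 0x4B, 0x03, 0x04, 0x14, 0x00 };
        byte[] renamed = Encoding.ASCII.GetBytes("<%@ Page Language=\"C#\" %>");
        Console.WriteLine(LooksLikeZip("report.Zip", new MemoryStream(zip)));
        Console.WriteLine(LooksLikeZip("page.ZIP", new MemoryStream(renamed)));
        Console.WriteLine(LooksLikeZip("report.txt", new MemoryStream(zip)));
    }
}
```

A matching signature only shows that the file was not simply renamed; it says nothing about what the archive contains, so the saved file should still be stored outside any folder the server will execute from.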
Well, you wrote .zip & .ZIP; this means that I must put all combinations of character states, e.g. .zip, .Zip, .ZIp, ……… So is there any way to handle that? Especially, I want my fileupload to upload only images, any type of image, and if I use this I’ll write many, many things. Can you help?
Thanks for this article.
Thanks for this article.. really short and simple
Thanks for the short and crisp article.
Thanks a lot of thanks. Excellent trick. Great….!