<asp:FileUpload ID="FileUpload1" runat="server" />
<asp:Button ID="Button1" runat="server" Text="上传" OnClick="Button1_Click" /><br />
<asp:Image ID="Image1" runat="server" /><br />
<asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>
<asp:Button ID="Button1" runat="server" Text="上传" OnClick="Button1_Click" /><br />
<asp:Image ID="Image1" runat="server" /><br />
<asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
public partial class FileUpload : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
string name = FileUpload1.FileName; //文件名
string size = FileUpload1.PostedFile.ContentLength.ToString(); //文件大小
string type = FileUpload1.PostedFile.ContentType; //文件MIME内容类型,不直观
string type2 = name.Substring(name.LastIndexOf(".") + 1); //文件后缀名,直观,实际不用,有被木马利用的漏洞
string ipath = Server.MapPath("upimg") + "\\" + name; //文件实际路径,当前文件夹下upimg是存在的
string fpath = Server.MapPath("upfile") + "\\" + name; //文件实际路径,当前文件夹下upfile是存在的
string xipath = "upimg\\" + name; //写到数据库去的虚拟路径?什么意思我也不是很明白
string xfpath = "upfile\\" + name;
if (type2 == "jpg" || type2 == "gif" || type2 == "bmp" || type2 == "png") //实际不用这个,有漏洞
{
FileUpload1.SaveAs(ipath); //将文件保存到这个路径里面
Image1.ImageUrl = xipath; //显示图片
Label1.Text = "文件名是:" + name + "<br/>文件大小为:" + size + "字节<br/>文件类型是:" + type + "<br/>后缀名是:" + type2 + "<br/>实际路径是:" + ipath + "<br/>虚拟路径是:" + xipath;
}
else
{
Image1.Visible = false;
FileUpload1.SaveAs(fpath); //将文件保存到另一路径里面
Label1.Text = "文件名是:" + name + "<br/>文件大小为:" + size + "字节<br/>文件类型是:" + type + "<br/>后缀名是:" + type2 + "<br/>实际路径是:" + fpath + "<br/>虚拟路径是:" + xfpath;
}
}
}
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
public partial class FileUpload : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
string name = FileUpload1.FileName; //文件名
string size = FileUpload1.PostedFile.ContentLength.ToString(); //文件大小
string type = FileUpload1.PostedFile.ContentType; //文件MIME内容类型,不直观
string type2 = name.Substring(name.LastIndexOf(".") + 1); //文件后缀名,直观,实际不用,有被木马利用的漏洞
string ipath = Server.MapPath("upimg") + "\\" + name; //文件实际路径,当前文件夹下upimg是存在的
string fpath = Server.MapPath("upfile") + "\\" + name; //文件实际路径,当前文件夹下upfile是存在的
string xipath = "upimg\\" + name; //写到数据库去的虚拟路径?什么意思我也不是很明白
string xfpath = "upfile\\" + name;
if (type2 == "jpg" || type2 == "gif" || type2 == "bmp" || type2 == "png") //实际不用这个,有漏洞
{
FileUpload1.SaveAs(ipath); //将文件保存到这个路径里面
Image1.ImageUrl = xipath; //显示图片
Label1.Text = "文件名是:" + name + "<br/>文件大小为:" + size + "字节<br/>文件类型是:" + type + "<br/>后缀名是:" + type2 + "<br/>实际路径是:" + ipath + "<br/>虚拟路径是:" + xipath;
}
else
{
Image1.Visible = false;
FileUpload1.SaveAs(fpath); //将文件保存到另一路径里面
Label1.Text = "文件名是:" + name + "<br/>文件大小为:" + size + "字节<br/>文件类型是:" + type + "<br/>后缀名是:" + type2 + "<br/>实际路径是:" + fpath + "<br/>虚拟路径是:" + xfpath;
}
}
}
