ASP.NET 2.0 now includes the FileUpload control, allowing web site users to upload files onto the web server for archival or file-submission purposes. For example, students typically need to upload their files to their school's server when they submit their assignment or project work. You'll find the FileUpload control in the Toolbox under the Standard tab.
Note: Uploading files to your web site is made easy with the new FileUpload control.
The Visual Studio designer represents the FileUpload control by adding an empty text box and a Button control to a Web page. To upload the selected file, you need to explicitly trigger an event, such as clicking a button (see the Submit button in Figure 1-30). In the following example, you will build an application that allows users to upload files to a particular directory on the server. You will also check the size of the file uploaded to ensure that users do not upload files that exceed an imposed limit.
Launch Visual Studio 2005 and create a new web site project. Name the project C:\ASPNET20\chap01-FileUpload.
In the Toolbox, double-click the FileUpload control located under the Standard tab to add the control to the default Web Form, Default.aspx.
Add a Button control to the default form, change its Text to "Submit", and name the button "btnSubmit".
Your form should now look like the one shown in Figure 1-30.
Note: Remember to add a Submit button so that you can invoke the FileUpload control.
Right-click the project name in Solution Explorer and then select Add
Folder
Double-click the Submit button to reveal the code-behind. Enter the following code for the Submit button:
Sub btnSubmit_Click(ByVal sender As Object, _
ByVal e As System.EventArgs) _
Handles btnSubmit.Click
' get the application path
Dim savePath As String = Request.PhysicalApplicationPath
' uploads to a special upload folder
savePath += "uploads\"
If FileUpload1.HasFile Then ' verify if there is file to upload
savePath += FileUpload1.FileName
' existing file will be overwritten
FileUpload1.SaveAs(savePath)
Response.Write("File uploaded successfully!")
Else
Response.Write("No file to upload")
End If
End SubTip: You use the FileUpload1.SaveAs( ) method to save the file onto the specified directory. If there is a file of the same name, this method will simply overwrite it with the new file. Hence it is important that you do some error checking before writing the file to the server.
ASP.NET 2.0 provides a new way for you to wire up your event handlers, one that was unavailable in ASP.NET 1.x. To use this technique, add an attribute to the Web Form that identifies the event you wish to trap and the code to handle it. Then, add code for the handler to the code-behind page. For example, to handle the Click event of btnSubmit, add the OnClick attribute to the Source View of your form and then set it to point to an event handler in your code-behind. For example:
<asp:Button ID="btnSubmit"
runat="server" Text="Submit"
OnClick="Submit_Click" />This technique eliminates the need for the Handles keyword in the handler code:
Protected Sub Submit_Click(ByVal sender As Object, _ ByVal e As System.EventArgs) ' code to handle the Submit button click End Sub
You find out the path that the current application resides in by using the PhysicalApplicationPath property from the Request object. The HasFile property of the FileUpload control specifies if the user has selected a file to upload. The file selected is saved in the FileName property of the FileUpload control.
...limiting the size of uploaded files?
For security reasons, it is important to restrict the size of files that users may upload to your web site. (Allowing users to upload a file that is too large could potentially expose an app to a denial-of-service attack.) You can check the size of the file uploaded by using the ContentLength property, as the following example shows:
Note: Be sure to check the size of the file that your user is trying to upload. Failing to do so may allow users to upload large files thereby slowing (or crashing) your web server.
' ensure size if below 3MB
If FileUpload1.PostedFile.ContentLength <= 3145728 Then
savePath += FileUpload1.FileName
' existing file will be overwritten
FileUpload1.SaveAs(savePath)
Response.Write("File uploaded successfully!")
Else
Response.Write("File size exceeds 3MB.")
End IfIf you want to learn more about how file uploading is done in ASP.NET 1.x, check out this article: http://www.ondotnet.com/pub/a/dotnet/2002/04/01/aspl.