October 25, 2014
Hot Topics:
RSS RSS feed Download our iPhone app

Limiting Upload Sizes with ASP.NET

  • October 25, 2004
  • By Mike Gunderloy
  • Send Email »
  • More Articles »

It seemed like a simple request from a customer with an ASP.NET Web site: come up with a way to let their users upload images to a SQL Server database. Oh, and limit the files to a certain size, to keep traffic and database sizes reasonable. Oh, and show a friendly error message if the file was too large.

Well, in the end, it did turn out to be simple - but it also meant I had to touch on a batch of different parts of ASP.NET. So let me walk through what I came up with, and perhaps you can find something that will help in your own future plans.

Uploading and Storing the File

The first task was fairly easy. The customer's requirements called for storing the uploaded file, together with its content type and size, into a SQL Server table. To handle this part, I wrote a stored procedure:


CREATE PROC procInsertFile
  @File image,
  @ContentType varchar(50),
  @ByteSize int
AS
  INSERT INTO UploadedFiles([File], ContentType, ByteSize)
  VALUES(@File, @ContentType, @ByteSize)

Uploading the file is easy too. You may not have ever used it, but the HTML standard includes the <INPUT type="file"> tag. This tag is rendered as a textbox and a browse button; you can use the browse button to select a file, whose name appears in the textbox. When you submit the form, the contents of the specified file are sent along as part of the HTTP request. Even though it's not in the Visual Studio toolbox, you can still use this tag in your ASP.NET Web Forms by hand-editing the HTML. Here's the HTML for a page that contains just this tag and a submit button, as shown in Figure 1.


<%@ Page Language="vb" AutoEventWireup="false" 
 Codebehind="UploadForm.aspx.vb"
 Inherits="UploadProject.UploadForm"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
	<HEAD>
		<title>UploadForm</title>
	</HEAD>
	<body>
		<form id="Form1" method="post" runat="server">
			<P>
				<input id="UploadFile" runat="server" type="file">
				<asp:Button id="btnUpload" runat="server"
				  Text="Upload"></asp:Button></P>
		</form>
	</body>
</HTML>
Simple upload form

I also added a SqlConnection and a SqlCommand to my Web Form. The SqlConnectin points to the appropriate database and the SqlCommand wraps the procInsertFile stored procedure. I named the SqlCommand cmdInsertFile. Even though the file upload control isn't in the Toolbox, ASP.NET still includes methods for working with it. Here's the code that gets triggered when the user clicks the Submit button:


Imports System.IO

Private Sub Page_Load(ByVal sender As System.Object, _
 ByVal e As System.EventArgs) Handles MyBase.Load
    If IsPostBack Then
        ' Get the uploaded data
        Dim upfile As HttpPostedFile = _
         UploadFile.PostedFile
        ' Make sure there's actually content uploaded
        If upfile.ContentLength <> Nothing Then
            ' Load the data into a byte array
            Dim StreamObject As Stream
            Dim FileLength As Integer = _
             upfile.ContentLength
            Dim FileByteArray(FileLength) As Byte
            StreamObject = upfile.InputStream
            StreamObject.Read(FileByteArray, 0, _
             FileLength)
            ' Store the fileLength stream in 
            ' the SQL Server database
            cmdInsertFile.Parameters("@File").Value = _
             FileByteArray
            cmdInsertFile.Parameters("@ContentType").Value = _
             upfile.ContentType
            cmdInsertFile.Parameters("@ByteSize").Value = _
             FileLength
            SqlConnection1.Open()
            cmdInsertFile.ExecuteNonQuery()
            SqlConnection1.Close()
        End If
    End If
End Sub

The key to this code is the HttpPostedFile class, which gives you direct access to the contents of the uploaded file. It also has handy properties for things like the file size and its content type. All that the code does is grab this data and stuff it into a byte array, which can then be used as a parameter to the stored procedure. With this much code written, the first requirement is satisfied: the file gets to the SQL Server database.





Page 1 of 2



Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 


Sitemap | Contact Us

Rocket Fuel