4/28/2010 FileUpload Class (System.Web.UI.WebC…

FileUpload Class

.NET Framework 4

Displays a text box control and a browse button that enable users
to select a file to upload to the server.

Namespace: System.Web.UI.WebControls
Assembly: System.Web (in System.Web.dll)

Syntax

[ValidationPropertyAttribute("FileName")]
[ControlValuePropertyAttribute("FileBytes")]
public class FileUpload : WebControl

<asp:FileUpload />

Remarks
In this topic:

Saving Uploaded Files

Security Considerations

Memory Limitations

Using the FileUpload Control with the UpdatePanel Control

Declarative Syntax

Introduction

The FileUpload class displays a text box control and a browse
button that enable users to select a file on the client and upload it
to the Web server. The user specifies the file to upload by
entering the full path of the file on the local computer (for
example, C:\MyFiles\TestFile.txt) in the text box of the control.
Alternately, the user can select the file by clicking the Browse
button, and then locating it in the Choose File dialog box.

Use the FileName property to get the name of a file on a client to
upload by using the FileUpload control. The file name that this
property returns does not include the path of the file on the client.

The FileContent property gets a Stream object that points to a file
to upload. Use this property to access the contents of the file as
bytes. For example, you can use the Stream object that is returned
by the FileContent property to read the contents of the file as
bytes and store them in a byte array. Alternatively, you can use the
FileBytes property to retrieve all the bytes in the file.

The PostedFile property gets the underlying HttpPostedFile object
for the file to upload. You can use this property to access
additional properties on the file. The ContentLength property gets
the length of the file. The ContentType property gets the MIME
content type of the file. In addition, you can use the PostedFile
property to access the FileName property, the InputStream
property, and the SaveAs method. However, the same functionality
is provided by the FileName property, the FileContent property,
and the SaveAs method.

Saving Uploaded Files

The FileUpload control does not automatically save a file to the
server after the user selects the file to upload. You must explicitly
provide a control or mechanism to allow the user to submit the
specified file. For example, you can provide a button that the user
clicks to upload the file. The code that you write to save the
specified file should call the SaveAs method, which saves the
contents of a file to a specified path on the server. Typically, the
SaveAs method is called in an event-handling method for an event
that raises a post back to the server. For example, if you provide
a button to submit a file, you could include the code to save the
file inside the event-handling method for the click event.

Before calling the SaveAs method to save the file to the server,
use the HasFile property to verify that the FileUpload control
contains a file. If HasFile returns true, call the SaveAs method.
If it returns false, display a message to the user indicating that the
control does not contain a file. Do not check the PostedFile
property to determine whether a file to upload exists because, by
default, this property contains 0 bytes. As a result, even when the
FileUpload control is blank, the PostedFile property returns a non-
null value.

Security Considerations

When you call the SaveAs method, you must specify the full path
of the directory in which to save the uploaded file. If you do not
explicitly specify a path in your application code, an exception is
thrown when a user attempts to upload a file. This behavior helps
keep the files on the server secure by preventing users from
being able to write to arbitrary locations in your application's
directory structure, as well as preventing access to sensitive root
directories.

The SaveAs method writes the uploaded file to the specified
directory. Therefore, the ASP.NET application must have write
access to the directory on the server. There are two ways that the
application can get write access. You can explicitly grant write
access to the account under which the application is running, in
the directory in which the uploaded files will be saved.
Alternatively, you can increase the level of trust that is granted to
the ASP.NET application. To get write access to the executing
directory for the application, the application must be granted the
AspNetHostingPermission object with the trust level set to the
AspNetHostingPermissionLevel.Medium value. Increasing the level
of trust increases the application's access to resources on the
server. Note that this is not a secure approach, because a
malicious user who gains control of your application will also be
able to run under this higher level of trust. It is a best practice to
run an ASP.NET application in the context of a user with the
minimum privileges that are required for the application to run.
For more information about security in ASP.NET applications, see
Basic Security Practices for Web Applications and ASP.NET Trust
Levels and Policy Files.

Memory Limitations

One way to guard against denial of service attacks is to limit the
size of the files that can be uploaded by using the FileUpload
control. You should set a size limit that is appropriate for the
types of files that you expect to be uploaded. The default size
limit is 4096 kilobytes (KB), or 4 megabytes (MB). You can allow
larger files to be uploaded by setting the maxRequestLength
attribute of the httpRuntime element. To increase the maximum
allowable file size for the entire application, set the
maxRequestLength attribute in the Web.config file. To increase the
maximum allowable file size for a specified page, set the
maxRequestLength attribute inside the location element in
Web.config. For an example, see location Element (ASP.NET
Settings Schema).

When uploading large files, a user might also receive the
following error message:

aspnet_wp.exe (PID: 1520) was recycled because memory
consumption exceeded 460 MB (60 percent of available RAM).

If your users encounter this error message, increase the value of
the memoryLimit attribute in the processModel element of the
Web.config file for the application. The memoryLimit attribute
specifies the maximum amount of memory that a worker process
can use. If the worker process exceeds the memoryLimit amount,
a new process is created to replace it, and all current requests are
reassigned to the new process.

To control whether the file to upload is temporarily stored in
memory or on the server while the request is being processed,
set the requestLengthDiskThreshold attribute of the httpRuntime
element. This attribute enables you to manage the size of the
input stream buffer. The default is 256 bytes. The value that you
specify should not exceed the value that you specify for the
maxRequestLength attribute.

Using the FileUpload Control with the UpdatePanel Control

The FileUpload control is designed to be used only in postback
scenarios and not in asynchronous postback scenarios during
partial-page rendering. When you use a FileUpload control inside
an UpdatePanel control, the file must be uploaded by using a
control that is a PostBackTrigger object for the panel.
UpdatePanel controls are used to update selected regions of a
page instead of updating the whole page with a postback. For
more information, see UpdatePanel Control Overview and Partial-
Page Rendering Overview.

Declarative Syntax
<asp:FileUpload
    AccessKey="string"
    BackColor="color name|#dddddd"
    BorderColor="color name|#dddddd"
    BorderStyle="NotSet|None|Dotted|Dashed|Solid|Double|Groove|Ridge|Inset|Outset"
    BorderWidth="size"
    CssClass="string"
    Enabled="True|False"
    EnableTheming="True|False"
    EnableViewState="True|False"
    Font-Bold="True|False"
    Font-Italic="True|False"
    Font-Names="string"
    Font-Overline="True|False"
    Font-Size="string|Smaller|Larger|XX-Small|X-Small|Small|Medium|Large|X-Large|XX-Large"
    Font-Strikeout="True|False"
    Font-Underline="True|False"
    ForeColor="color name|#dddddd"
    Height="size"
    ID="string"
    OnDataBinding="DataBinding event handler"
    OnDisposed="Disposed event handler"
    OnInit="Init event handler"
    OnLoad="Load event handler"
    OnPreRender="PreRender event handler"
    OnUnload="Unload event handler"
    runat="server"
    SkinID="string"
    Style="string"
    TabIndex="integer"
    ToolTip="string"
    Visible="True|False"
    Width="size"
/>

Topic                                                          Location
How to: Upload Files with the FileUpload Web Server Control    Building ASP .NET Web Applications
How to: Upload Files with the FileUpload Web Server Control    Building ASP .NET Web Applications in Visual Studio
How to: Set Focus on ASP.NET Web Server Controls               Building ASP .NET Web Applications
How to: Set Focus on ASP.NET Web Server Controls               Building ASP .NET Web Applications in Visual Studio

Examples
This section contains the following four examples:

The first example demonstrates how to create a FileUpload
control that saves files to a path that is specified in code.

The second example demonstrates how to create a
FileUpload control that saves files to a specified directory
in the file system for the application.

The third example demonstrates how to create a
FileUpload control that saves files to a specified path and
limits the size of the file that can be uploaded.

The fourth example demonstrates how to create a
FileUpload control that saves files to a specified path and
allows only files that have the .doc or .xls file name
extensions to be uploaded.

Caution
These examples demonstrate the basic syntax for the
FileUpload control, but they do not demonstrate all the
necessary error checking that should be completed before
saving the file. For a more complete example, see SaveAs.

The following example demonstrates how to create a FileUpload
control that saves files to a path that is specified in code. The
SaveAs method is called to save the file to the specified path on
the server.

<%@ Page Language="C#" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">

    protected void UploadButton_Click(object sender, EventArgs e)
    {
        // Specify the path on the server to
        // save the uploaded file to.
        String savePath = @"c:\temp\uploads\";

        // Before attempting to perform operations
        // on the file, verify that the FileUpload
        // control contains a file.
        if (FileUpload1.HasFile)
        {
            // Get the name of the file to upload.
            String fileName = FileUpload1.FileName;

            // Append the name of the file to upload to the path.
            savePath += fileName;

            // Call the SaveAs method to save the
            // uploaded file to the specified path.
            // This example does not perform all
            // the necessary error checking.
            // If a file with the same name
            // already exists in the specified path,
            // the uploaded file overwrites it.
            FileUpload1.SaveAs(savePath);

            // Notify the user of the name the file
            // was saved under.
            UploadStatusLabel.Text = "Your file was saved as " + fileName;
        }
        else
        {
            // Notify the user that a file was not uploaded.
            UploadStatusLabel.Text = "You did not specify a file to upload.";
        }

    }
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>FileUpload Example</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <h4>Select a file to upload:</h4>

        <asp:FileUpload id="FileUpload1"
            runat="server">
        </asp:FileUpload>

        <br /><br />

        <asp:Button id="UploadButton"
            Text="Upload file"
            OnClick="UploadButton_Click"
            runat="server">
        </asp:Button>

        <hr />

        <asp:Label id="UploadStatusLabel"
            runat="server">
        </asp:Label>
    </div>
    </form>
</body>
</html>

The following example demonstrates how to create a FileUpload
control that saves files to a specified directory in the file system
for the application. The HttpRequest.PhysicalApplicationPath
property is used to get the physical file system path of the root
directory for the currently executing server application. The
SaveAs method is called to save the file to the specified path on
the server.

<%@ Page Language="C#" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">

    protected void UploadButton_Click(object sender, EventArgs e)
    {
        // Save the uploaded file to an "Uploads" directory
        // that already exists in the file system of the
        // currently executing ASP.NET application.
        // Creating an "Uploads" directory isolates uploaded
        // files in a separate directory. This helps prevent
        // users from overwriting existing application files by
        // uploading files with names like "Web.config".
        string saveDir = @"\Uploads\";

        // Get the physical file system path for the currently
        // executing application.
        string appPath = Request.PhysicalApplicationPath;

        // Before attempting to save the file, verify
        // that the FileUpload control contains a file.
        if (FileUpload1.HasFile)
        {
            string savePath = appPath + saveDir +
                Server.HtmlEncode(FileUpload1.FileName);

            // Call the SaveAs method to save the
            // uploaded file to the specified path.
            // This example does not perform all
            // the necessary error checking.
            // If a file with the same name
            // already exists in the specified path,
            // the uploaded file overwrites it.
            FileUpload1.SaveAs(savePath);

            // Notify the user that the file was uploaded successfully.
            UploadStatusLabel.Text = "Your file was uploaded successfully.";

        }
        else
        {
            // Notify the user that a file was not uploaded.
            UploadStatusLabel.Text = "You did not specify a file to upload.";
        }
    }
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>FileUpload Class Example</title>
</head>
<body>
    <h3>FileUpload Class Example: Save To Application Directory</h3>
    <form id="form1" runat="server">
    <div>
        <h4>Select a file to upload:</h4>

        <asp:FileUpload id="FileUpload1"
            runat="server">
        </asp:FileUpload>

        <br/><br/>

        <asp:Button id="UploadButton"
            Text="Upload file"
            OnClick="UploadButton_Click"
            runat="server">
        </asp:Button>

        <hr />

        <asp:Label id="UploadStatusLabel"
            runat="server">
        </asp:Label>
    </div>
    </form>
</body>
</html>

The following example demonstrates how to create a FileUpload
control that saves files to a path that is specified in the code. The
control limits the size of the file that can be uploaded to 5 MB.
The PostedFile property is used to access the underlying
ContentLength property and return the size of the file. If the size
of the file to upload is less than 2 MB, the SaveAs method is
called to save the file to the specified path on the server. In
addition to checking for the maximum file size setting in your
application code, you can set the maxRequestLength attribute of
the httpRuntime element to a maximum allowable size in the
configuration file for your application.

<%@ Page Language="C#" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">

    protected void UploadButton_Click(object sender, EventArgs e)
    {
        // Specify the path on the server to
        // save the uploaded file to.
        string savePath = @"c:\temp\uploads\";

        // Before attempting to save the file, verify
        // that the FileUpload control contains a file.
        if (FileUpload1.HasFile)
        {
            // Get the size in bytes of the file to upload.
            int fileSize = FileUpload1.PostedFile.ContentLength;

            // Allow only files less than 2,100,000 bytes (approximately 2 MB) to be uploaded.
            if (fileSize < 2100000)
            {

                // Append the name of the uploaded file to the path.
                savePath += Server.HtmlEncode(FileUpload1.FileName);

                // Call the SaveAs method to save the
                // uploaded file to the specified path.
                // This example does not perform all
                // the necessary error checking.
                // If a file with the same name
                // already exists in the specified path,
                // the uploaded file overwrites it.
                FileUpload1.SaveAs(savePath);

                // Notify the user that the file was uploaded successfully.
                UploadStatusLabel.Text = "Your file was uploaded successfully.";
            }
            else
            {
                // Notify the user why their file was not uploaded.
                UploadStatusLabel.Text = "Your file was not uploaded because " +
                                         "it exceeds the 2 MB size limit.";
            }
        }
        else
        {
            // Notify the user that a file was not uploaded.
            UploadStatusLabel.Text = "You did not specify a file to upload.";
        }
    }
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>FileUpload Class Example</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <h4>Select a file to upload:</h4>

        <asp:FileUpload id="FileUpload1"
            runat="server">
        </asp:FileUpload>

        <br/><br/>

        <asp:Button id="UploadButton"
            Text="Upload file"
            OnClick="UploadButton_Click"
            runat="server">
        </asp:Button>

        <hr />

        <asp:Label id="UploadStatusLabel"
            runat="server">
        </asp:Label>

    </div>
    </form>
</body>
</html>

The following example demonstrates how to create a FileUpload
control that saves files to a path that is specified in the code. This
example allows only files that have the .doc or .xls file name
extensions to be uploaded. The Path.GetExtension method is
called to return the extension of the file to upload. If the file has a
.doc or .xls file name extension, the SaveAs method is called to
save the file to the specified path on the server.

<%@ Page Language="C#" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">

    protected void UploadBtn_Click(object sender, EventArgs e)
    {
        // Specify the path on the server to
        // save the uploaded file to.
        string savePath = @"c:\temp\uploads\";

        // Before attempting to save the file, verify
        // that the FileUpload control contains a file.
        if (FileUpload1.HasFile)
        {
            // Get the name of the file to upload.
            string fileName = Server.HtmlEncode(FileUpload1.FileName);

            // Get the extension of the uploaded file.
            string extension = System.IO.Path.GetExtension(fileName);

            // Allow only files with .doc or .xls extensions
            // to be uploaded.
            if ((extension == ".doc") || (extension == ".xls"))
            {
                // Append the name of the file to upload to the path.
                savePath += fileName;

                // Call the SaveAs method to save the
                // uploaded file to the specified path.
                // This example does not perform all
                // the necessary error checking.
                // If a file with the same name
                // already exists in the specified path,
                // the uploaded file overwrites it.
                FileUpload1.SaveAs(savePath);

                // Notify the user that their file was successfully uploaded.
                UploadStatusLabel.Text = "Your file was uploaded successfully.";
            }
            else
            {
                // Notify the user why their file was not uploaded.
                UploadStatusLabel.Text = "Your file was not uploaded because " +
                                         "it does not have a .doc or .xls extension.";
            }
        }
    }
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>FileUpload Class Example</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <h4>Select a file to upload:</h4>

        <asp:FileUpload id="FileUpload1"
            runat="server">
        </asp:FileUpload>

        <br/><br/>

        <asp:Button id="UploadBtn"
            Text="Upload file"
            OnClick="UploadBtn_Click"
            runat="server">
        </asp:Button>

        <hr />

        <asp:Label id="UploadStatusLabel"
            runat="server">
        </asp:Label>
    </div>
    </form>
</body>
</html>
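
The size check from the third example and the extension check from the fourth, combined into one validation routine that also replaces the client-supplied file name with a server-generated one, so an upload cannot overwrite an existing file. This is an added example, not MSDN code; UploadPolicy, TryGetSavePath and the sample inputs in Main are hypothetical.

```csharp
using System;
using System.IO;

// Added example, not MSDN code. UploadPolicy, its members and the sample
// inputs in Main are hypothetical and constructed for illustration.
static class UploadPolicy
{
    // Extension allow-list and size cap taken from the page's examples.
    static readonly string[] AllowedExtensions = { ".doc", ".xls" };
    const int MaxBytes = 2100000;

    // Decides whether an upload is acceptable. On success, savePath is a
    // server-generated name under uploadRoot, so a client-chosen name can
    // neither overwrite an existing file nor select the target directory.
    public static bool TryGetSavePath(string clientFileName, int contentLength,
        string uploadRoot, out string savePath, out string reason)
    {
        savePath = null;
        reason = null;

        if (contentLength <= 0 || contentLength > MaxBytes)
        {
            reason = "The file is empty or exceeds the size limit.";
            return false;
        }

        // Keep only the last path segment, whichever separator the client used.
        string name = clientFileName ?? string.Empty;
        name = name.Substring(name.LastIndexOfAny(new[] { '\\', '/' }) + 1);

        if (name.Length == 0 || name.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
        {
            reason = "The file name is not valid.";
            return false;
        }

        // Compare extensions case-insensitively so ".DOC" matches ".doc".
        string ext = Path.GetExtension(name);
        if (!Array.Exists(AllowedExtensions,
                e => string.Equals(e, ext, StringComparison.OrdinalIgnoreCase)))
        {
            reason = "Only .doc and .xls files are accepted.";
            return false;
        }

        savePath = Path.Combine(uploadRoot,
            Guid.NewGuid().ToString("N") + ext.ToLowerInvariant());
        return true;
    }

    static void Main()
    {
        // Constructed upload directory and sample uploads.
        string root = Path.Combine(Path.GetTempPath(), "uploads");
        var samples = new[]
        {
            new { Name = "Report.DOC", Size = 1024 },
            new { Name = @"C:\MyFiles\TestFile.txt", Size = 1024 },
            new { Name = "Web.config", Size = 1024 },
            new { Name = "budget.xls", Size = 5000000 },
        };
        foreach (var s in samples)
        {
            string path, reason;
            bool ok = TryGetSavePath(s.Name, s.Size, root, out path, out reason);
            Console.WriteLine("{0,-26} -> {1}", s.Name, ok ? path : "rejected: " + reason);
        }
    }
}
```

In a click handler like the ones above, pass FileUpload1.FileName and FileUpload1.PostedFile.ContentLength to the routine and hand the returned path to FileUpload1.SaveAs. Apply Server.HtmlEncode to the original name only when writing it into UploadStatusLabel, not when building the path.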

Inheritance Hierarchy
System.Object
  System.Web.UI.Control
    System.Web.UI.WebControls.WebControl
      System.Web.UI.WebControls.FileUpload

Thread Safety
Any public static (Shared in Visual Basic) members of this type are
thread safe. Any instance members are not guaranteed to be
thread safe.

Platforms
Windows 7, Windows Vista, Windows XP SP3, Windows XP Media
Center Edition, Windows XP Professional x64 Edition, Windows XP
Starter Edition, Windows Server 2008, Windows Server 2003,
Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not
support all versions of every platform. For a list of the supported
versions, see http://msdn.microsoft.com/en-us/library/8z6watww.aspx.

Version Information
.NET Framework

Supported in: 4, 3.5, 3.0, 2.0

See Also
Reference

FileUpload Members
System.Web.UI.WebControls Namespace
SaveAs

© 2010 Microsoft Corporation. All rights reserved.