When uploading files to a server and calling a controller method does a HttpPostedFileBase contain the entire file or just information such as name, path, etc?
What I want to know is if the file is uploaded to the server right away or not until calling SaveAs(path) ?
As the file is part of your request, it is uploaded immediatly. It is just buffered into a tempfile which the system will delete once you send the Response.
If you use SaveAs, you just transfert the file into a permanent location.
Related
I tried to apply the method on this page, but this sample save the files to disk instead of Database. So, could you please inform me what changes should be made on the sample method or is there any sample using this Kendo Upload to save multiple files to database?
The following method declaration -
private IEnumerable<string> GetFileInfo(IEnumerable<HttpPostedFileBase> files)
which receives the uploaded files have IEnumerable<HttpPostedFileBase> as parameter. It is collection of all the uploaded files. Each file exposes a property InputStream. For more information visit this msdn page
So now that you have the file content in form of stream, convert this stream into byte[] and save this to database.
Some suggestion are posted here.
I have a simple rails application where a user can upload and download file from S3. For example: in /avatar/caid/uuid, there is only one file named uuid.png which is uploaded by the user. Next, user must be able to download that particular file from S3, however, at this time, he doesn't know the exact name of the file saved in S3. What he knows is the file is save in /avatar/caid/uuid. My question is how can I download the only file from /avatar/caid/uuid folder? I tried the option below:
resp = s3.get_object(
bucket: "xxx",
key: "avatar/123/456/pic.bmp",
)
However, option above assumes that I have to know the exact name of the file which is pic.bmp. May I know how can I download the file pic.bmp by just knowing the
url" "avatar/123/456" ?
Thanks
In my application i have a file upload option. The uploaded files used to saved in DriveHQ ftp server. After uploading i want to send a mail to the admin with the uploaded file as attachment.
I tried as follows
uri = URI::FTP.build(['username:password', 'ftp.drivehq.com', nil,"\\My Documents\\#{17}\\Fitness.txt", 'i'])
And in the mailer:
attachments['image'] = {mime_type: 'text/plain',content: File.read(uri)}
But its not working. it was returning error as
bad component(expected relative path component): \My Documents\17\Fitness.txt;type=i
I guess you're using the API in a wrong way.
You need to download the file, and yes you do it by creating an URI to the FTP server, but then you need to download the file to a temporary directory.
After that, in your mailer you read that file.
Remember since File is a subclass of IO and it does not have the read method, when you invoke File.read, you are actually calling IO.read.
in am using ace:fileEntry component to upload a pdf file. my problem i dont know how to change the filename while uploading the document. The file gets uploaded with the originalfilename.I know that if i set useOriginalFilename=false, it would have a unique name, but I want that the file uploaded in the file system should have the custom filename which i want to pass.
My xhtml code is as below
<ace:fileEntry id="file-entry" label="Attachment"
absolutePath="STR_UPLOADED_FILES"
maxFileCount="1"
maxFileCountMessage="Limited to 1 files uploaded concurrently."
fileEntryListener="#{strformbean.fileuploadListener}"
maxFileSize="6291456"
maxFileSizeMessage="Submitted file is too large.Max size allowed is 6MB"
maxTotalSize="6291456"
maxTotalSizeMessage="Total size of submitted files is too large."
required="false"
requiredMessage="The file is required to submit this form."
useOriginalFilename="true"
useSessionSubdir="false" />
You sound like as if you expected that the temporary storage location of uploaded files is usable as a permanent storage location of uploaded files and you thus don't need to touch it. This is wrong! The location where uploaded files will initially end up is really temporary in order to save server memory usage. It will be cleaned at intervals or startup/shutdown.
In the listener method, you should be obtaining the content of the uploaded file yourself as InputStream or byte[] which you should write to the permanent storage location. During this step you have all the freedom to specify your own filename.
See also this closely related question about PrimeFaces <p:fileUpload> (whose sourcecode ICEfaces has for the major part stolen copypasted redistributed) Where is the p:fileUpload uploaded file saved and how do I change it? for a detailed answer how to deal with it properly.
I have a website that shows galleries. Users can upload their own content from the web (by entering a URL) or by uploading a picture from their computer.
I am storing the URL in the database which works fine for the first use case but I need to figure out where to store the actual images if a user does a upload from their computer.
Is there any recommendation here or best practice on where I should store these?
Should I save them in the appdata or content folders? Should they not be stored with the website at all because it's user content?
You should NOT store the user uploads anywhere they can be directly accessed by a known URL within your site structure. This is a security risk as users could upload .htm file and .js files. Even a file with the correct extension can contain malicious code that can be executed in the context of your site by an authenticated user allowing server-side or client-side attacks.
See for example http://www.acunetix.com/websitesecurity/upload-forms-threat.htm and What security issues appear when users can upload their own files? which mention some of the issues you need to be aware of before you allow users to upload files and then present them for download within your site.
Don't put the files within your normal web site directory structure
Don't use the original file name the user gave you. You can add a content disposition header with the original file name so they can download it again as the same file name but the path and file name on the server shouldn't be something the user can influence.
Don't trust image files - resize them and offer only the resized version for subsequent download
Don't trust mime types or file extensions, open the file and manipulate it to make sure it's what it claims to be.
Limit the upload size and time.
Depending on the resources you have to implement something like this, it is extremely beneficial to store all this stuff in Amazon S3.
Once you get the upload you simply push it over to Amazon and pop the URL in your database as you're doing with the other images. As mentioned above it would probably be wise to open up the image and resize it before sending it over. This both checks it is actually an image and makes sure you don't accidentally present a full camera resolution image to an end user.
Doing this now will make it much, much easier if you ever have to migrate/failover your site and don't want to sync gigabytes of image assets.
One way is to store the image in a database table with a varbinary field.
Another way would be to store the image in the App_Data folder, and create a subfolder for each user (~/App_Data/[userid]/myImage.png).
For both approaches you'd need to create a separate action method that makes it possible to access the images.
While uploading images you need to verify the content of the file before uploading it. The file extension method is not trustable.
Use magic number method to verify the file content which will be an easy way.
See the stackoverflow post and see the list of magic numbers
One way of saving the file is converting it to binary format and save in our database and next method is using App_Data folder.
The storage option is based on your requirement. See this post also
Set upload limit by setting maxRequestLength property to Web.Config like this, where the size of file is specified in KB
<httpRuntime maxRequestLength="51200" executionTimeout="3600" />
You can save your trusted data just in parallel of htdocs/www folder so that any user can not access that folder. Also you can add .htaccess authentication on your trusted data (for .htaccess you should kept your .htpasswd file in parallel of htdocs/www folder) if you are using apache.