1

In our application , we are using asp.net FileUpload control to upload files.

Requirement is , user should be able to upload only ".doc, .xls , .pdf" files.

System should not allow him to upload other files. To achieve this we are validating the extension of the uploaded file. If it is not valid then throwing error message.. this works fine..

But if i change the any exe file as .doc file , then system is allowing to upload. this should not happen.

Is there any way to validate the file with its content instead of its extension ..?

Improve this question
1
  • 7
    hmh..... seems you'll never mark one of our responses as answer. Commented Dec 16, 2009 at 19:04

2 Answers 2

Reset to default
4

Check out this question/answer on stackoverflow. I belive this is a duplicate question.

Also, look into reading a file's magic number especially if you are just trying to determine if the file is one of a few acceptable types. Magic number Wikipedia

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

+1 the file signature checking approach seems like a great solution.
1

Uploadify is a good file uploading tool that I have found which allows you to specify which extensions you allow the user to see when uploading their files. It also has alot of other cool options and it is highly customizeable. It uses a combination of jquery and flash to allow the user to upload more than one file at a time as well (if desired).

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.