DeveloperBarn
upload file field (restrict filename size?)
This is a discussion on upload file field (restrict filename size?) within the ASP Development forums, part of the Programming & Scripting category; Hi All, ok...I have a form that has to fields where a file can be uploaded when the form is ...
| |||||||
|
#1
November 13th, 2008, 09:21 AM
| ||||
| ||||
 upload file field (restrict filename size?) Hi All, ok...I have a form that has to fields where a file can be uploaded when the form is submitted. When the form is submitted the file has a date/time stamp on it and just the filename.ext is added to the database (fields - file1 & file2). The issue is I had to bump up these length on these fields to (40) because the longer my file name I started to get the error below. I think (40) is plenty but there is always still the possibility someone  may still try to upload a filename that is too long and the error below will appear and the file gets uploaded to the server but the record/form data is not added to the database. I'm not sure how to go about placing a restriction on the length of the filename, is that possible? Thanks for any suggestions.Code: Microsoft OLE DB Provider for SQL Server error '80040e57' String or binary data would be truncated.  |
|
#2
November 13th, 2008, 12:01 PM
| ||||
| ||||
 Windows filenames can be up to 255 characters long, I believe. So you should account for that. When you are in the process of uploading the file, you could always use the Len() function to check the length of the string.
__________________ jmurrayhead If you agree with me... click the  icon! If my post solved your problem, click the  button in the lower right-hand corner of the post.If you like it here...throw us a few bones to help support us. Join our Folding team: DeveloperBarn Folding |
|
#3
November 13th, 2008, 12:15 PM
| ||||
| ||||
| Oh Ok, Thanks JMH...I tried something like this but it didn't seem to do anything. Is this what you mean? Code: if (formDOMObj.attach1.value.length <='20'){
alert("Shorten your filename, make it 20 characters or less!");
formDOMObj.attach1.focus();
return false;
}
|
|
#4
November 13th, 2008, 12:23 PM
| ||||
| ||||
| Well, that's JavaScript, which is not within the scope of the ASP forum. On server-side ASP, you should check the length of the filename, which may be done in various different ways depending on the FileUpload script you are using. EDIT:: Keep in mind, that if you simply set the fieldsize to the maximum file name length for Windows...you won't even need to perform the check, because Windows will give an error if a person attempts to name a file longer than the allowed length. |
|
#5
January 2nd, 2009, 11:21 AM
| ||||
| ||||
| Hiya... ok...so you mean to set the type size in sql at 255? Right now i just bumped it up but not that much.....If that's not the way I want to go and want to restrict it to less characters....should this be done in javascript or asp? Thanks for your help!  |
|
#6
January 2nd, 2009, 11:12 PM
| ||||
| ||||
| Here's the best approach both for functionality & security. Rename the uploaded file to a GUID, store the original file name and the new file name in the database. Example: Create two fields in your database called "originalFileName" & "newFileName". The "originalFileName" field will have the actual name of the file that was uploaded. The "newFileName" field will store the new GUID name of the file after you've renamed it. if you are using an MSSQL database use the data types below. originalFileName varchar(255) newFileName uniqueidentifier The above is for functionality. For security purpose, you NEVER keep the original name of the file. Doing so could allow for injection attacks, such as if someone uploaded a filed called "<script>alert('XSS');</script>.jpg". Also make sure you validate the content of the file so someone can't just rename a .asp file to .jpg (assuming you are allowing only .jpg files) and execute code on your server. For additional details on file upload issues to consider, read the article below. Handling File Uploads |
|
#7
January 6th, 2009, 12:57 PM
| ||||
| ||||
| Hi Memnoch, I read the info and trying to absorb it.... With mehere's help in another post I am currently rename the file uploaded...ex: if they try to use mydoc.doc then it gets renamed with date/time stamp as mydoc_161053.doc and goes on server file (test\testsite\files\) and gets stored in the database field that way too I have field as nvarchar(40) ... is it ok as nvarchar and just change to (255)? Also, if I change to (255) what happens if the users file name is 255 characters long...+ the datetime stamp on it...won't it give an error like in post #1? Thanks for your help!  |
|
#8
January 6th, 2009, 06:08 PM
| ||||
| ||||
| Do you need to be using the nvarchar datatype? If you are accepting only english text (not chinese, japanese, etc...) then you only need to use the varchar character. Difference between nvarchar & varchar data types. Do you force a limitation on the file name length? Do you validate that the file name does not contain malicious characters? If you keeping the original file name, then you'll have to validate the length of the file name after you append the timestamp to it. |
 |
|
| Bookmarks |
« Previous Thread
|
Next Thread »
| Thread Tools | |
| Display Modes | |
Linear Mode
| |
| ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Form: Textarea (restrict length) | Rebelle | JavaScript Programming | 2 | September 11th, 2008 10:40 AM |
| [Forms] Field that is a link (rs) and/or text field question | Rebelle | ASP Development | 14 | August 12th, 2008 08:43 AM |
| Free ASP Upload (insert issue) | Rebelle | ASP Development | 3 | July 31st, 2008 09:36 AM |
| Free ASP Upload Question | Rebelle | ASP Development | 3 | July 17th, 2008 12:05 PM |
All times are GMT -4. The time now is 04:16 PM.
