4个回答
展开全部
无惧无组件上传:
这是放到前面让选择图片的代码和上传按钮 <form action="Upfile_ProductPic.asp?Act=index" method="post" name="form2" onSubmit="return check()" enctype="multipart/form-data">
<input name="FileName" type="FILE" class="tx1" size="22">
<input type="submit" name="Submit1" value="上传" style="border:1px double rgb(88,88,88);font:9pt">
</form>
这是Upfile_ProductPic.asp文件,修改下存储路径和数据表
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><%@language=vbscript codepage=936 %>
<!--#include file="config.asp"-->
<!--#include file="upfile_class.asp"-->
<!--#include virtual="/config/config.asp"-->
<%
picname=Requesta("Act")
const upload_type=0 '上传方法:0=无惧无组件上传类,1=FSO上传 2=lyfupload,3=aspupload,4=chinaaspupload
'const SaveUpProductPicPath="UploadProductPic"
'const UpProductPicType="jpg|gif|png|bmp"
'const MaxProductPicSize=20480000
dim upload,oFile,formName,SavePath,FileName,fileExt,oFileSize
dim EnableUpload
dim arrUpFileType
dim ranNum
dim msg,FoundErr
msg=""
FoundErr=false
EnableUpload=false
SavePath = "upfiles/" '存放上传文件的目录
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
</head>
<body leftmargin="2" topmargin="5" marginwidth="0" marginheight="0">
<%
if EnableUploadFile="No" then
response.write "系统未开放文件上传功能"
else
select case upload_type
case 0
call upload_0() '使用化境无组件上传类
case else
'response.write "本系统未开放插件功能"
'response.end
end select
end if
%>
</body>
</html>
<%
sub upload_0() '使用化境无组件上传类
set upload=new upfile_class ''建立上传对象
upload.GetData(20480000) '取得上传数据,限制最大上传500K
if upload.err > 0 then '如果出错
select case upload.err
case 1
response.write "请先选择你要上传的文件!"
case 2
response.write "你上传的文件总大小超出了最大限制(20M)"
end select
response.end
end if
for each formName in upload.file '列出所有上传了的文件
EnableUpload=False
set ofile=upload.file(formName) '生成一个文件对象
oFileSize=ofile.filesize
if oFileSize<10 then
msg="请先选择你要上传的文件!!"
FoundErr=True
elseif ofilesize>(MaxProductPicSize*1024) then
msg="文件大小超过了限制,最大只能上传" & CStr(MaxProductPicSize) & "K的文件!"
FoundErr=true
end if
fileExt=lcase(ofile.FileExt)
arrUpFileType=split(UpProductPicType,"|")
for i=0 to ubound(arrUpFileType)
if fileEXT=trim(arrUpFileType(i)) then
EnableUpload=true
exit for
end if
next
if fileEXT="asp" or fileEXT="asa" or fileEXT="aspx" or fileEXT="cer" or fileEXT="cdx" then
EnableUpload=false
end if
if EnableUpload=false then
msg="这种文件类型不允许上传!\n\n只允许上传这几种文件类型:" & UpProductPicType
FoundErr=true
end if
strJS="<SCRIPT language=javascript>" & vbcrlf
if FoundErr<>true then
randomize
ranNum=int(900*rnd)+100
FileName="../../"&SavePath&picname&"."&fileExt
ofile.SaveToFile Server.mappath(FileName) '保存文件
conn.open constr
sql="update indexPic set p_picture='"&picname&"."&fileExt&"' where p_name='"&picname&"'"
conn.execute(sql)
conn.close
Alert_reDirect "上传成功!","indexPic.asp"
end if
next
set upload=nothing
end sub
%>
这是upfile_class.asp文件,不用更改。
<%
Dim oUpFileStream
'----------------------------------------------------------------------
'文件上传类
Class UpFile_Class
Dim Form,File,Version,Err
Private Sub Class_Initialize
Version = "无惧上传类 Version V1.2"
Err = -1
End Sub
Private Sub Class_Terminate
'清除变量及对像
If Err < 0 Then
Form.RemoveAll
Set Form = Nothing
File.RemoveAll
Set File = Nothing
oUpFileStream.Close
Set oUpFileStream = Nothing
End If
End Sub
Public Sub GetData (MaxSize)
'定义变量
Dim RequestBinDate,sSpace,bCrLf,sInfo,iInfoStart,iInfoEnd,tStream,iStart,oFileInfo
Dim iFileSize,sFilePath,sFileType,sFormValue,sFileName
Dim iFindStart,iFindEnd
Dim iFormStart,iFormEnd,sFormName
'代码开始
If Request.TotalBytes < 1 Then '如果没有数据上传
Err = 1
Exit Sub
End If
If MaxSize > 0 Then '如果限制大小
If Request.TotalBytes > MaxSize Then
Err = 2 '如果上传的数据超出限制
Exit Sub
End If
End If
Set Form = Server.CreateObject ("Scripting.Dictionary")
Form.CompareMode = 1
Set File = Server.CreateObject ("Scripting.Dictionary")
File.CompareMode = 1
Set tStream = Server.CreateObject ("ADODB.Stream")
Set oUpFileStream = Server.CreateObject ("ADODB.Stream")
oUpFileStream.Type = 1
oUpFileStream.Mode = 3
oUpFileStream.Open
oUpFileStream.Write Request.BinaryRead (Request.TotalBytes)
oUpFileStream.Position = 0
RequestBinDate = oUpFileStream.Read
iFormEnd = oUpFileStream.Size
bCrLf = ChrB (13) & ChrB (10)
'取得每个项目之间的分隔符
sSpace = MidB (RequestBinDate,1, InStrB (1,RequestBinDate,bCrLf)-1)
iStart = LenB (sSpace)
iFormStart = iStart+2
'分解项目
Do
iInfoEnd = InStrB (iFormStart,RequestBinDate,bCrLf & bCrLf)+3
tStream.Type = 1
tStream.Mode = 3
tStream.Open
oUpFileStream.Position = iFormStart
oUpFileStream.CopyTo tStream,iInfoEnd-iFormStart
tStream.Position = 0
tStream.Type = 2
tStream.CharSet = "gb2312"
sInfo = tStream.ReadText
'取得表单项目名称
iFormStart = InStrB (iInfoEnd,RequestBinDate,sSpace)-1
iFindStart = InStr (22,sInfo,"name=""",1)+6
iFindEnd = InStr (iFindStart,sInfo,"""",1)
sFormName = Trim(Mid (sinfo,iFindStart,iFindEnd-iFindStart))
'如果是文件
If InStr (45,sInfo,"filename=""",1) > 0 Then
Set oFileInfo = new FileInfo_Class
'取得文件属性
iFindStart = InStr (iFindEnd,sInfo,"filename=""",1)+10
iFindEnd = InStr (iFindStart,sInfo,"""",1)
sFileName = Trim(Mid(sinfo,iFindStart,iFindEnd-iFindStart))
oFileInfo.FileName = Mid (sFileName,InStrRev (sFileName, "\")+1)
oFileInfo.FilePath = Left (sFileName,InStrRev (sFileName, "\"))
oFileInfo.FileExt = Mid (sFileName,InStrRev (sFileName, ".")+1)
iFindStart = InStr (iFindEnd,sInfo,"Content-Type: ",1)+14
iFindEnd = InStr (iFindStart,sInfo,vbCr)
oFileInfo.FileType = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
oFileInfo.FileStart = iInfoEnd
oFileInfo.FileSize = iFormStart -iInfoEnd -2
oFileInfo.FormName = sFormName
file.add sFormName,oFileInfo
else
'如果是表单项目
tStream.Close
tStream.Type = 1
tStream.Mode = 3
tStream.Open
oUpFileStream.Position = iInfoEnd
oUpFileStream.CopyTo tStream,iFormStart-iInfoEnd-2
tStream.Position = 0
tStream.Type = 2
tStream.CharSet = "gb2312"
sFormValue = tStream.ReadText
If Form.Exists (sFormName) Then
Form (sFormName) = Form (sFormName) & ", " & sFormValue
else
form.Add sFormName,sFormValue
End If
End If
tStream.Close
iFormStart = iFormStart+iStart+2
'如果到文件尾了就退出
Loop Until (iFormStart+2) >= iFormEnd
RequestBinDate = ""
Set tStream = Nothing
End Sub
End Class
'----------------------------------------------------------------------------------------------------
'文件属性类
Class FileInfo_Class
Dim FormName,FileName,FilePath,FileSize,FileType,FileStart,FileExt
'保存文件方法
Public Function SaveToFile (Path)
if lcase((right(Path,3))<>lcase(FileExt)) then '经典的上传漏洞^_^
response.Write ("<script language=javascript>alert('警告:不允许上传这种文件!');</script>")
response.end
end if
On Error Resume Next
Dim oFileStream
Set oFileStream = CreateObject ("ADODB.Stream")
oFileStream.Type = 1
oFileStream.Mode = 3
oFileStream.Open
oUpFileStream.Position = FileStart
oUpFileStream.CopyTo oFileStream,FileSize
oFileStream.SaveToFile Path,2
oFileStream.Close
Set oFileStream = Nothing
End Function
'取得文件数据
Public Function FileData
oUpFileStream.Position = FileStart
FileData = oUpFileStream.Read (FileSize)
End Function
End Class
'**************************************************
'函数名:IsObjInstalled
'作 用:检查组件是否已经安装
'参 数:strClassString ----组件名
'返回值:True ----已经安装
' False ----没有安装
'**************************************************
Function IsObjInstalled(strClassString)
On Error Resume Next
IsObjInstalled = False
Err = 0
Dim xTestObj
Set xTestObj = Server.CreateObject(strClassString)
If 0 = Err Then IsObjInstalled = True
Set xTestObj = Nothing
Err = 0
End Function
'-------------根据指定名称生成目录---------
Function MakeNewsDir(foldername)
dim fso,f
Set fso = Server.CreateObject("Scripting.FileSystemObject")
Set f = fso.CreateFolder(foldername)
MakeNewsDir = True
Set fso = nothing
End Function
%>
这是放到前面让选择图片的代码和上传按钮 <form action="Upfile_ProductPic.asp?Act=index" method="post" name="form2" onSubmit="return check()" enctype="multipart/form-data">
<input name="FileName" type="FILE" class="tx1" size="22">
<input type="submit" name="Submit1" value="上传" style="border:1px double rgb(88,88,88);font:9pt">
</form>
这是Upfile_ProductPic.asp文件,修改下存储路径和数据表
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><%@language=vbscript codepage=936 %>
<!--#include file="config.asp"-->
<!--#include file="upfile_class.asp"-->
<!--#include virtual="/config/config.asp"-->
<%
picname=Requesta("Act")
const upload_type=0 '上传方法:0=无惧无组件上传类,1=FSO上传 2=lyfupload,3=aspupload,4=chinaaspupload
'const SaveUpProductPicPath="UploadProductPic"
'const UpProductPicType="jpg|gif|png|bmp"
'const MaxProductPicSize=20480000
dim upload,oFile,formName,SavePath,FileName,fileExt,oFileSize
dim EnableUpload
dim arrUpFileType
dim ranNum
dim msg,FoundErr
msg=""
FoundErr=false
EnableUpload=false
SavePath = "upfiles/" '存放上传文件的目录
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
</head>
<body leftmargin="2" topmargin="5" marginwidth="0" marginheight="0">
<%
if EnableUploadFile="No" then
response.write "系统未开放文件上传功能"
else
select case upload_type
case 0
call upload_0() '使用化境无组件上传类
case else
'response.write "本系统未开放插件功能"
'response.end
end select
end if
%>
</body>
</html>
<%
sub upload_0() '使用化境无组件上传类
set upload=new upfile_class ''建立上传对象
upload.GetData(20480000) '取得上传数据,限制最大上传500K
if upload.err > 0 then '如果出错
select case upload.err
case 1
response.write "请先选择你要上传的文件!"
case 2
response.write "你上传的文件总大小超出了最大限制(20M)"
end select
response.end
end if
for each formName in upload.file '列出所有上传了的文件
EnableUpload=False
set ofile=upload.file(formName) '生成一个文件对象
oFileSize=ofile.filesize
if oFileSize<10 then
msg="请先选择你要上传的文件!!"
FoundErr=True
elseif ofilesize>(MaxProductPicSize*1024) then
msg="文件大小超过了限制,最大只能上传" & CStr(MaxProductPicSize) & "K的文件!"
FoundErr=true
end if
fileExt=lcase(ofile.FileExt)
arrUpFileType=split(UpProductPicType,"|")
for i=0 to ubound(arrUpFileType)
if fileEXT=trim(arrUpFileType(i)) then
EnableUpload=true
exit for
end if
next
if fileEXT="asp" or fileEXT="asa" or fileEXT="aspx" or fileEXT="cer" or fileEXT="cdx" then
EnableUpload=false
end if
if EnableUpload=false then
msg="这种文件类型不允许上传!\n\n只允许上传这几种文件类型:" & UpProductPicType
FoundErr=true
end if
strJS="<SCRIPT language=javascript>" & vbcrlf
if FoundErr<>true then
randomize
ranNum=int(900*rnd)+100
FileName="../../"&SavePath&picname&"."&fileExt
ofile.SaveToFile Server.mappath(FileName) '保存文件
conn.open constr
sql="update indexPic set p_picture='"&picname&"."&fileExt&"' where p_name='"&picname&"'"
conn.execute(sql)
conn.close
Alert_reDirect "上传成功!","indexPic.asp"
end if
next
set upload=nothing
end sub
%>
这是upfile_class.asp文件,不用更改。
<%
Dim oUpFileStream
'----------------------------------------------------------------------
'文件上传类
Class UpFile_Class
Dim Form,File,Version,Err
Private Sub Class_Initialize
Version = "无惧上传类 Version V1.2"
Err = -1
End Sub
Private Sub Class_Terminate
'清除变量及对像
If Err < 0 Then
Form.RemoveAll
Set Form = Nothing
File.RemoveAll
Set File = Nothing
oUpFileStream.Close
Set oUpFileStream = Nothing
End If
End Sub
Public Sub GetData (MaxSize)
'定义变量
Dim RequestBinDate,sSpace,bCrLf,sInfo,iInfoStart,iInfoEnd,tStream,iStart,oFileInfo
Dim iFileSize,sFilePath,sFileType,sFormValue,sFileName
Dim iFindStart,iFindEnd
Dim iFormStart,iFormEnd,sFormName
'代码开始
If Request.TotalBytes < 1 Then '如果没有数据上传
Err = 1
Exit Sub
End If
If MaxSize > 0 Then '如果限制大小
If Request.TotalBytes > MaxSize Then
Err = 2 '如果上传的数据超出限制
Exit Sub
End If
End If
Set Form = Server.CreateObject ("Scripting.Dictionary")
Form.CompareMode = 1
Set File = Server.CreateObject ("Scripting.Dictionary")
File.CompareMode = 1
Set tStream = Server.CreateObject ("ADODB.Stream")
Set oUpFileStream = Server.CreateObject ("ADODB.Stream")
oUpFileStream.Type = 1
oUpFileStream.Mode = 3
oUpFileStream.Open
oUpFileStream.Write Request.BinaryRead (Request.TotalBytes)
oUpFileStream.Position = 0
RequestBinDate = oUpFileStream.Read
iFormEnd = oUpFileStream.Size
bCrLf = ChrB (13) & ChrB (10)
'取得每个项目之间的分隔符
sSpace = MidB (RequestBinDate,1, InStrB (1,RequestBinDate,bCrLf)-1)
iStart = LenB (sSpace)
iFormStart = iStart+2
'分解项目
Do
iInfoEnd = InStrB (iFormStart,RequestBinDate,bCrLf & bCrLf)+3
tStream.Type = 1
tStream.Mode = 3
tStream.Open
oUpFileStream.Position = iFormStart
oUpFileStream.CopyTo tStream,iInfoEnd-iFormStart
tStream.Position = 0
tStream.Type = 2
tStream.CharSet = "gb2312"
sInfo = tStream.ReadText
'取得表单项目名称
iFormStart = InStrB (iInfoEnd,RequestBinDate,sSpace)-1
iFindStart = InStr (22,sInfo,"name=""",1)+6
iFindEnd = InStr (iFindStart,sInfo,"""",1)
sFormName = Trim(Mid (sinfo,iFindStart,iFindEnd-iFindStart))
'如果是文件
If InStr (45,sInfo,"filename=""",1) > 0 Then
Set oFileInfo = new FileInfo_Class
'取得文件属性
iFindStart = InStr (iFindEnd,sInfo,"filename=""",1)+10
iFindEnd = InStr (iFindStart,sInfo,"""",1)
sFileName = Trim(Mid(sinfo,iFindStart,iFindEnd-iFindStart))
oFileInfo.FileName = Mid (sFileName,InStrRev (sFileName, "\")+1)
oFileInfo.FilePath = Left (sFileName,InStrRev (sFileName, "\"))
oFileInfo.FileExt = Mid (sFileName,InStrRev (sFileName, ".")+1)
iFindStart = InStr (iFindEnd,sInfo,"Content-Type: ",1)+14
iFindEnd = InStr (iFindStart,sInfo,vbCr)
oFileInfo.FileType = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
oFileInfo.FileStart = iInfoEnd
oFileInfo.FileSize = iFormStart -iInfoEnd -2
oFileInfo.FormName = sFormName
file.add sFormName,oFileInfo
else
'如果是表单项目
tStream.Close
tStream.Type = 1
tStream.Mode = 3
tStream.Open
oUpFileStream.Position = iInfoEnd
oUpFileStream.CopyTo tStream,iFormStart-iInfoEnd-2
tStream.Position = 0
tStream.Type = 2
tStream.CharSet = "gb2312"
sFormValue = tStream.ReadText
If Form.Exists (sFormName) Then
Form (sFormName) = Form (sFormName) & ", " & sFormValue
else
form.Add sFormName,sFormValue
End If
End If
tStream.Close
iFormStart = iFormStart+iStart+2
'如果到文件尾了就退出
Loop Until (iFormStart+2) >= iFormEnd
RequestBinDate = ""
Set tStream = Nothing
End Sub
End Class
'----------------------------------------------------------------------------------------------------
'文件属性类
Class FileInfo_Class
Dim FormName,FileName,FilePath,FileSize,FileType,FileStart,FileExt
'保存文件方法
Public Function SaveToFile (Path)
if lcase((right(Path,3))<>lcase(FileExt)) then '经典的上传漏洞^_^
response.Write ("<script language=javascript>alert('警告:不允许上传这种文件!');</script>")
response.end
end if
On Error Resume Next
Dim oFileStream
Set oFileStream = CreateObject ("ADODB.Stream")
oFileStream.Type = 1
oFileStream.Mode = 3
oFileStream.Open
oUpFileStream.Position = FileStart
oUpFileStream.CopyTo oFileStream,FileSize
oFileStream.SaveToFile Path,2
oFileStream.Close
Set oFileStream = Nothing
End Function
'取得文件数据
Public Function FileData
oUpFileStream.Position = FileStart
FileData = oUpFileStream.Read (FileSize)
End Function
End Class
'**************************************************
'函数名:IsObjInstalled
'作 用:检查组件是否已经安装
'参 数:strClassString ----组件名
'返回值:True ----已经安装
' False ----没有安装
'**************************************************
Function IsObjInstalled(strClassString)
On Error Resume Next
IsObjInstalled = False
Err = 0
Dim xTestObj
Set xTestObj = Server.CreateObject(strClassString)
If 0 = Err Then IsObjInstalled = True
Set xTestObj = Nothing
Err = 0
End Function
'-------------根据指定名称生成目录---------
Function MakeNewsDir(foldername)
dim fso,f
Set fso = Server.CreateObject("Scripting.FileSystemObject")
Set f = fso.CreateFolder(foldername)
MakeNewsDir = True
Set fso = nothing
End Function
%>
展开全部
还是用无组件上传吧,简单实用,示例也多。地球人都在用
已赞过
已踩过<
评论
收起
你对这个回答的评价是?
展开全部
upload.asp文件
<%
Function GetFileName(ByVal strFile)
If strFile <> "" Then
GetFileName = mid(strFile,InStrRev(strFile, "\")+1)
Else
GetFileName = ""
End If
End function
strFileName = Request.Form("file1")
Set objStream = Server.CreateObject("ADODB.Stream")
objStream.Type = 1 ' adTypeBinary
objStream.Open
objStream.LoadFromFile strFileName
objStream.SaveToFile Server.MapPath(GetFileName(strFileName)),2
objStream.Close
%>
<%
Function GetFileName(ByVal strFile)
If strFile <> "" Then
GetFileName = mid(strFile,InStrRev(strFile, "\")+1)
Else
GetFileName = ""
End If
End function
strFileName = Request.Form("file1")
Set objStream = Server.CreateObject("ADODB.Stream")
objStream.Type = 1 ' adTypeBinary
objStream.Open
objStream.LoadFromFile strFileName
objStream.SaveToFile Server.MapPath(GetFileName(strFileName)),2
objStream.Close
%>
已赞过
已踩过<
评论
收起
你对这个回答的评价是?
展开全部
一般上传图片常用的是无组件上传,加我HI帮你看看吧!
本回答被提问者采纳
已赞过
已踩过<
评论
收起
你对这个回答的评价是?
推荐律师服务:
若未解决您的问题,请您详细描述您的问题,通过百度律临进行免费专业咨询