ASP中,为了上传图片,在form表单中用了enctype=multipart/form-data。如何将保存在数据库的图片显示出来
3个回答
展开全部
form表单中用了enctype=multipart/form-data
那么保存的数据会变成乱码或者不显示.
解决办法
1:普通数据表单提交,在上传的地方,用iframe套入上传页面,然后把上传路径传给session值,提交后记录到数据库.
2:在上传的时候,打开一个新窗口页面进行上传,上传之后将路径值回转给本页面的表单文本,然后录入数据库.
第一种方法我不举例了,那种是最傻瓜式的,也是有一点坏处,第二种我举例
index.html
<form name="form1" action="xxxx.asp" method="post">
姓名:<input name="names" type="text"><br/>
照片:<input name="Memo" type="text" size="30" value="可以手动填入图片路径">
<input type="button" name="Submit11" value="上传图片" onClick="window.open('upfile.asp?formname=form1&editname=Memo&uppath=/upfile&filelx=jpg','','status=no,scrollbars=no,top=20,left=110,width=420,height=165')">
'在这里填好表单更换的值,注意Memo这个就是文本名,区分大小写
</form>
upfile.asp
<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<style type="text/css">
<!--
td{font-size:12px}
a{color:#000000;text-decoration: none}
a:hover{text-decoration: underline}
.tx{height:16px;width:30px;border-color:black black #000000;border-top-width:0px;border-right-width: 0px; border-bottom-width: 1px; border-left-width: 0px; font-size: 12px; background-color: #eeeeee; color: #0000FF}
.button{font-size:12px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;border-left-width: 0px; height: 16px; width: 80px; background-color: #eeeeee; cursor: hand}
.tx1{height:20px;width:30px;font-size:12px;border:1px solid;border-color:black black #000000;color: #0000FF}
-->
</style>
<script language="javascript">
<!--
function mysub()
{
var strFileName=form1.file1.value;
if (strFileName=="")
{
alert("请选择要上传的文件");
return false;
}
esave.style.visibility="visible";
}
-->
</script>
</head>
<body bgcolor="#FFFFFF" text="#000000">
<form name="form1" method="post" action="uploadnew.asp" enctype="multipart/form-data" onSubmit="return mysub()">
<div id="esave" style="position:absolute; top:18px; left:40px; z-index:10; visibility:hidden">
<TABLE WIDTH=340 BORDER=0 CELLSPACING=0 CELLPADDING=0>
<TR><td width=20%></td>
<TD bgcolor=#104A7B width="60%">
<TABLE WIDTH=100% height=120 BORDER=0 CELLSPACING=1 CELLPADDING=0>
<TR>
<td bgcolor=#eeeeee align=center><font color=red>正在上传文件,请稍候...</font></td>
</tr>
</table>
</td><td width=20%></td>
</tr>
</table>
</div>
<table width="400" border="0" cellspacing="1" cellpadding="0" align="center" bgcolor="#6A7F9A">
<tr>
<td height="22" align="left" valign="middle" width="400"><input type="hidden" name="EditName" value="<%=EditName%>">
<input type="hidden" name="FormName" value="<%=formName%>">
<input type="hidden" name="act" value="uploadfile">
</td>
</tr>
<tr align="center" valign="middle">
<td align="left" id="upid" height="80" width="400" bgcolor="#FFFFFF"> 选择文件:
<input type="file" name="file1" style="width:300'" class="tx1" value="">
</td>
</tr>
<tr align="center" valign="middle">
<td height="24" width="400">
<input type="submit" name="Submit" value="· 开始上传 ·" class="button">
</td>
</tr>
</table>
</form>
</body>
</html>
up.asp
<%
class clsUp '文件上传类
'------------------------
Dim Form,File
Dim AllowExt_ '允许上传类型(白名单)
Dim NoAllowExt_ '不允许上传类型(黑名单)
Private oUpFileStream '上传的数据流
Private isErr_ '错误的代码,0或true表示无错
Private ErrMessage_ '错误的字符串信息
Private isGetData_ '指示是否已执行过GETDATA过程
'------------------------------------------------------------------
'类的属性
Public Property Get Version
Version=""
End Property
Public Property Get isErr '错误的代码,0或true表示无错
isErr=isErr_
End Property
Public Property Get ErrMessage '错误的字符串信息
ErrMessage=ErrMessage_
End Property
Public Property Get AllowExt '允许上传类型(白名单)
AllowExt=AllowExt_
End Property
Public Property Let AllowExt(Value) '允许上传类型(白名单)
AllowExt_=LCase(Value)
End Property
Public Property Get NoAllowExt '不允许上传类型(黑名单)
NoAllowExt=NoAllowExt_
End Property
Public Property Let NoAllowExt(Value) '不允许上传类型(黑名单)
NoAllowExt_=LCase(Value)
End Property
'----------------------------------------------------------------
'类实现代码
'初始化类
Private Sub Class_Initialize
isErr_ = 0
NoAllowExt="" '黑名单,可以在这里预设不可上传的文件类型,以文件的后缀名来判断,不分大小写,每个每缀名用;号分开,如果黑名单为空,则判断白名单
NoAllowExt=LCase(NoAllowExt)
AllowExt="" '白名单,可以在这里预设可上传的文件类型,以文件的后缀名来判断,不分大小写,每个后缀名用;号分开
AllowExt=LCase(AllowExt)
isGetData_=false
End Sub
'类结束
Private Sub Class_Terminate
on error Resume Next
'清除变量及对像
Form.RemoveAll
Set Form = Nothing
File.RemoveAll
Set File = Nothing
oUpFileStream.Close
Set oUpFileStream = Nothing
End Sub
'分析上传的数据
Public Sub GetData (MaxSize)
'定义变量
on error Resume Next
if isGetData_=false then
Dim aaaaaa,sSpace,bCrLf,sInfo,iInfoStart,iInfoEnd,tStream,iStart,ofileinfo
Dim sFormValue,sFileName
Dim iFindStart,iFindEnd
Dim iFormStart,iFormEnd,sFormName
'代码开始
If Request.TotalBytes < 1 Then '如果没有数据上传
isErr_ = 1
ErrMessage_="没有数据上传"
Exit Sub
End If
If MaxSize > 0 Then '如果限制大小
If Request.TotalBytes > MaxSize Then
isErr_ = 2 '如果上传的数据超出限制大小
ErrMessage_="上传的数据超出限制大小"
Exit Sub
End If
End If
Set Form = Server.CreateObject ("Scripting.Dictionary")
Form.CompareMode = 1
Set File = Server.CreateObject ("Scripting.Dictionary")
File.CompareMode = 1
Set tStream = Server.CreateObject ("ADODB.Stream")
Set oUpFileStream = Server.CreateObject ("ADODB.Stream")
oUpFileStream.Type = 1
oUpFileStream.Mode = 3
oUpFileStream.Open
oUpFileStream.Write Request.BinaryRead (Request.TotalBytes)
oUpFileStream.Position = 0
aaaaaa = oUpFileStream.Read
iFormEnd = oUpFileStream.Size
bCrLf = ChrB (13) & ChrB (10)
'取得每个项目之间的分隔符
sSpace = MidB (aaaaaa,1, InStrB (1,aaaaaa,bCrLf)-1)
iStart = LenB(sSpace)
iFormStart = iStart+2
'分解项目
Do
iInfoEnd = InStrB (iFormStart,aaaaaa,bCrLf & bCrLf)+3
tStream.Type = 1
tStream.Mode = 3
tStream.Open
oUpFileStream.Position = iFormStart
oUpFileStream.CopyTo tStream,iInfoEnd-iFormStart
tStream.Position = 0
tStream.Type = 2
tStream.CharSet = "gb2312"
sInfo = tStream.ReadText
'取得表单项目名称
iFormStart = InStrB (iInfoEnd,aaaaaa,sSpace)-1
iFindStart = InStr (22,sInfo,"name=""",1)+6
iFindEnd = InStr (iFindStart,sInfo,"""",1)
sFormName = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
'如果是文件
If InStr (45,sInfo,"filename=""",1) > 0 Then
Set ofileinfo = new clsFileInfo
'取得文件属性
iFindStart = InStr (iFindEnd,sInfo,"filename=""",1)+10
iFindEnd = InStr (iFindStart,sInfo,""""&vbCrLf,1)
sFileName = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
ofileinfo.FileName = GetFileName(sFileName)
ofileinfo.FilePath = GetFilePath(sFileName)
ofileinfo.FileExt = GetFileExt(sFileName)
iFindStart = InStr (iFindEnd,sInfo,"Content-Type: ",1)+14
iFindEnd = InStr (iFindStart,sInfo,vbCr)
ofileinfo.FileMIME = Mid(sinfo,iFindStart,iFindEnd-iFindStart)
ofileinfo.FileStart = iInfoEnd
ofileinfo.FileSize = iFormStart -iInfoEnd -2
ofileinfo.FormName = sFormName
file.add sFormName,ofileinfo
else
'如果是表单项目
tStream.Close
tStream.Type = 1
tStream.Mode = 3
tStream.Open
oUpFileStream.Position = iInfoEnd
oUpFileStream.CopyTo tStream,iFormStart-iInfoEnd-2
tStream.Position = 0
tStream.Type = 2
tStream.CharSet = "gb2312"
sFormValue = tStream.ReadText
If Form.Exists (sFormName) Then
Form (sFormName) = Form (sFormName) & ", " & sFormValue
else
Form.Add sFormName,sFormValue
End If
End If
tStream.Close
iFormStart = iFormStart+iStart+2
'如果到文件尾了就退出
Loop Until (iFormStart+2) >= iFormEnd
aaaaaa = ""
Set tStream = Nothing
isGetData_=true
end if
End Sub
'保存到文件,自动覆盖已存在的同名文件
Public Function SaveToFile(Item,Path)
SaveToFile=SaveToFileEx(Item,Path,True)
End Function
'保存到文件,自动设置文件名
Public Function AutoSave(Item,Path)
AutoSave=SaveToFileEx(Item,Path,false)
End Function
'保存到文件,OVER为真时,自动覆盖已存在的同名文件,否则自动把文件改名保存
Private Function SaveToFileEx(Item,Path,Over)
On Error Resume Next
Dim oFileStream
Dim tmpPath
Dim nohack '防黑缓冲
isErr=0
Set oFileStream = CreateObject ("ADODB.Stream")
oFileStream.Type = 1
oFileStream.Mode = 3
oFileStream.Open
oUpFileStream.Position = File(Item).FileStart
oUpFileStream.CopyTo oFileStream,File(Item).FileSize
nohack=split(path,".") '重要修改,防止黑客"\0"断名伪装!!!
tmpPath=nohack(0)&"."&nohack(ubound(nohack)) '重要修改,防止黑客"\0"断名伪装!!!
if Over then
if isAllowExt(GetFileExt(tmpPath)) then
oFileStream.SaveToFile tmpPath,2
Else
isErr_=3
ErrMessage_="该后缀名的文件不允许上传!"
End if
Else
Path=GetFilePath(Path)
if isAllowExt(File(Item).FileExt) then
do
Err.Clear()
nohack=split(Path&GetNewFileName()&"."&File(Item).FileExt,".") '重要修改,防止黑客"\0"断名伪装!!!
tmpPath=nohack(0)&"."&nohack(ubound(nohack)) '重要修改,防止黑客"\0"断名伪装!!!
oFileStream.SaveToFile tmpPath
loop Until Err.number<1
oFileStream.SaveToFile Path
Else
isErr_=3
ErrMessage_="该后缀名的文件不允许上传!"
End if
End if
oFileStream.Close
Set oFileStream = Nothing
if isErr_=3 then SaveToFileEx="" else SaveToFileEx=GetFileName(tmpPath)
End Function
'取得文件数据
Public Function FileData(Item)
isErr_=0
if isAllowExt(File(Item).FileExt) then
oUpFileStream.Position = File(Item).FileStart
FileData = oUpFileStream.Read (File(Item).FileSize)
Else
isErr_=3
ErrMessage_="该后缀名的文件不允许上传!"
FileData=""
End if
End Function
'取得文件路径
Public function GetFilePath(FullPath)
If FullPath <> "" Then
GetFilePath = Left(FullPath,InStrRev(FullPath, "\"))
Else
GetFilePath = ""
End If
End function
'取得文件名
Public Function GetFileName(FullPath)
If FullPath <> "" Then
GetFileName = mid(FullPath,InStrRev(FullPath, "\")+1)
Else
GetFileName = ""
End If
End function
'取得文件的后缀名
Public Function GetFileExt(FullPath)
If FullPath <> "" Then
GetFileExt = LCase(Mid(FullPath,InStrRev(FullPath, ".")+1))
Else
GetFileExt = ""
End If
End function
'取得一个不重复的序号
Public Function GetNewFileName()
dim ranNum
dim dtNow
dtNow=Now()
ranNum=int(90000*rnd)+10000
GetNewFileName=year(dtNow) & right("0" & month(dtNow),2) & right("0" & day(dtNow),2) & right("0" & hour(dtNow),2) & right("0" & minute(dtNow),2) & right("0" & second(dtNow),2) & ranNum
End Function
Public Function isAllowExt(Ext)
if NoAllowExt="" then
isAllowExt=cbool(InStr(1,";"&AllowExt&";",LCase(";"&Ext&";")))
else
isAllowExt=not CBool(InStr(1,";"&NoAllowExt&";",LCase(";"&Ext&";")))
end if
End Function
End Class
'----------------------------------------------------------------------------------------------------
'文件属性类
Class clsFileInfo
Dim FormName,FileName,FilePath,FileSize,FileMIME,FileStart,FileExt
End Class
%>
UpLoadNew.asp
<%
filepath="/Uploadfile/" '上传路径
filepathname = "/Uploadfile/"
set upload=new clsUp '建立上传对象
upload.NoAllowExt="asp;asa;cer;aspx;cs;vb;js;zip;rar;exe" '设置上传类型的黑名单
upload.GetData (3072000) '取得上传数据,限制最大上传3M
if upload.form("act")="uploadfile" then
for each formName in upload.File
set file=upload.File(formName)
fileExt=lcase(file.FileExt) '得到的文件扩展名不含有.
if file.filesize<10 then
response.write "<span style=""font-family: 宋体; font-size: 9pt"">请先选择你要上传的文件! [ <a href=# onclick=history.go(-1)>重新上传</a> ]</span>"
response.end
end if
if file.filesize>(3000*1024) then
response.write "<span style=""font-family: 宋体; font-size: 9pt"">最大只能上传 3000K 的图片文件! [ <a href=# onclick=history.go(-1)>重新上传</a> ]</span>"
response.end
end if
dtNow=Now()
randomize
ranNum=int(90000*rnd)+10000
filename1=year(dtNow) & right("0" & month(dtNow),2) & right("0" & day(dtNow),2) & right("0" & hour(dtNow),2) & right("0" & minute(dtNow),2) & right("0" & second(dtNow),2) & ranNum &"."&fileExt
filename=filepath&filename1
filelstname=filepathname&filename1
if file.FileSize>0 then ''如果 FileSize > 0 说明有文件数据
upload.SaveToFile formName,Server.mappath(FileName)
'这里可以存数据库
if upload.form("EditName")="content" then
strJS="<SCRIPT language=javascript>" & vbcrlf
strJS=strJS & "content=window.opener.document.myform.content.value;"
strJS=strJS &"content=content+'<a href=" & filelstname & " target=""_blank""><div align=""center""><img src=" &filelstname & " border=""0""></div></a><br><br>';" & vbcrlf
'strJS=strJS &"content=content+'<a href=" & "../"&filelstname & " target=""_blank""><img src=" & "../"&filelstname & " border=""0""></a><br><br>';" & vbcrlf
strJS=strJS & "window.opener.document.myform.content.value=content;" & vbcrlf
strJS=strJS & "</script>"
response.write strJS
else
response.write "<script>window.opener.document."&upload.form("FormName")&"."&upload.form("EditName")&".value='"&filelstname&"'</script>"
end if
%>
<script language="javascript">
window.alert("文件上传成功!请修改链接地址!");
window.close();
</script>
<%
end if
set file=nothing
next
set upload=nothing
end if
%>
那么保存的数据会变成乱码或者不显示.
解决办法
1:普通数据表单提交,在上传的地方,用iframe套入上传页面,然后把上传路径传给session值,提交后记录到数据库.
2:在上传的时候,打开一个新窗口页面进行上传,上传之后将路径值回转给本页面的表单文本,然后录入数据库.
第一种方法我不举例了,那种是最傻瓜式的,也是有一点坏处,第二种我举例
index.html
<form name="form1" action="xxxx.asp" method="post">
姓名:<input name="names" type="text"><br/>
照片:<input name="Memo" type="text" size="30" value="可以手动填入图片路径">
<input type="button" name="Submit11" value="上传图片" onClick="window.open('upfile.asp?formname=form1&editname=Memo&uppath=/upfile&filelx=jpg','','status=no,scrollbars=no,top=20,left=110,width=420,height=165')">
'在这里填好表单更换的值,注意Memo这个就是文本名,区分大小写
</form>
upfile.asp
<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<style type="text/css">
<!--
td{font-size:12px}
a{color:#000000;text-decoration: none}
a:hover{text-decoration: underline}
.tx{height:16px;width:30px;border-color:black black #000000;border-top-width:0px;border-right-width: 0px; border-bottom-width: 1px; border-left-width: 0px; font-size: 12px; background-color: #eeeeee; color: #0000FF}
.button{font-size:12px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;border-left-width: 0px; height: 16px; width: 80px; background-color: #eeeeee; cursor: hand}
.tx1{height:20px;width:30px;font-size:12px;border:1px solid;border-color:black black #000000;color: #0000FF}
-->
</style>
<script language="javascript">
<!--
function mysub()
{
var strFileName=form1.file1.value;
if (strFileName=="")
{
alert("请选择要上传的文件");
return false;
}
esave.style.visibility="visible";
}
-->
</script>
</head>
<body bgcolor="#FFFFFF" text="#000000">
<form name="form1" method="post" action="uploadnew.asp" enctype="multipart/form-data" onSubmit="return mysub()">
<div id="esave" style="position:absolute; top:18px; left:40px; z-index:10; visibility:hidden">
<TABLE WIDTH=340 BORDER=0 CELLSPACING=0 CELLPADDING=0>
<TR><td width=20%></td>
<TD bgcolor=#104A7B width="60%">
<TABLE WIDTH=100% height=120 BORDER=0 CELLSPACING=1 CELLPADDING=0>
<TR>
<td bgcolor=#eeeeee align=center><font color=red>正在上传文件,请稍候...</font></td>
</tr>
</table>
</td><td width=20%></td>
</tr>
</table>
</div>
<table width="400" border="0" cellspacing="1" cellpadding="0" align="center" bgcolor="#6A7F9A">
<tr>
<td height="22" align="left" valign="middle" width="400"><input type="hidden" name="EditName" value="<%=EditName%>">
<input type="hidden" name="FormName" value="<%=formName%>">
<input type="hidden" name="act" value="uploadfile">
</td>
</tr>
<tr align="center" valign="middle">
<td align="left" id="upid" height="80" width="400" bgcolor="#FFFFFF"> 选择文件:
<input type="file" name="file1" style="width:300'" class="tx1" value="">
</td>
</tr>
<tr align="center" valign="middle">
<td height="24" width="400">
<input type="submit" name="Submit" value="· 开始上传 ·" class="button">
</td>
</tr>
</table>
</form>
</body>
</html>
up.asp
<%
class clsUp '文件上传类
'------------------------
Dim Form,File
Dim AllowExt_ '允许上传类型(白名单)
Dim NoAllowExt_ '不允许上传类型(黑名单)
Private oUpFileStream '上传的数据流
Private isErr_ '错误的代码,0或true表示无错
Private ErrMessage_ '错误的字符串信息
Private isGetData_ '指示是否已执行过GETDATA过程
'------------------------------------------------------------------
'类的属性
Public Property Get Version
Version=""
End Property
Public Property Get isErr '错误的代码,0或true表示无错
isErr=isErr_
End Property
Public Property Get ErrMessage '错误的字符串信息
ErrMessage=ErrMessage_
End Property
Public Property Get AllowExt '允许上传类型(白名单)
AllowExt=AllowExt_
End Property
Public Property Let AllowExt(Value) '允许上传类型(白名单)
AllowExt_=LCase(Value)
End Property
Public Property Get NoAllowExt '不允许上传类型(黑名单)
NoAllowExt=NoAllowExt_
End Property
Public Property Let NoAllowExt(Value) '不允许上传类型(黑名单)
NoAllowExt_=LCase(Value)
End Property
'----------------------------------------------------------------
'类实现代码
'初始化类
Private Sub Class_Initialize
isErr_ = 0
NoAllowExt="" '黑名单,可以在这里预设不可上传的文件类型,以文件的后缀名来判断,不分大小写,每个每缀名用;号分开,如果黑名单为空,则判断白名单
NoAllowExt=LCase(NoAllowExt)
AllowExt="" '白名单,可以在这里预设可上传的文件类型,以文件的后缀名来判断,不分大小写,每个后缀名用;号分开
AllowExt=LCase(AllowExt)
isGetData_=false
End Sub
'类结束
Private Sub Class_Terminate
on error Resume Next
'清除变量及对像
Form.RemoveAll
Set Form = Nothing
File.RemoveAll
Set File = Nothing
oUpFileStream.Close
Set oUpFileStream = Nothing
End Sub
'分析上传的数据
Public Sub GetData (MaxSize)
'定义变量
on error Resume Next
if isGetData_=false then
Dim aaaaaa,sSpace,bCrLf,sInfo,iInfoStart,iInfoEnd,tStream,iStart,ofileinfo
Dim sFormValue,sFileName
Dim iFindStart,iFindEnd
Dim iFormStart,iFormEnd,sFormName
'代码开始
If Request.TotalBytes < 1 Then '如果没有数据上传
isErr_ = 1
ErrMessage_="没有数据上传"
Exit Sub
End If
If MaxSize > 0 Then '如果限制大小
If Request.TotalBytes > MaxSize Then
isErr_ = 2 '如果上传的数据超出限制大小
ErrMessage_="上传的数据超出限制大小"
Exit Sub
End If
End If
Set Form = Server.CreateObject ("Scripting.Dictionary")
Form.CompareMode = 1
Set File = Server.CreateObject ("Scripting.Dictionary")
File.CompareMode = 1
Set tStream = Server.CreateObject ("ADODB.Stream")
Set oUpFileStream = Server.CreateObject ("ADODB.Stream")
oUpFileStream.Type = 1
oUpFileStream.Mode = 3
oUpFileStream.Open
oUpFileStream.Write Request.BinaryRead (Request.TotalBytes)
oUpFileStream.Position = 0
aaaaaa = oUpFileStream.Read
iFormEnd = oUpFileStream.Size
bCrLf = ChrB (13) & ChrB (10)
'取得每个项目之间的分隔符
sSpace = MidB (aaaaaa,1, InStrB (1,aaaaaa,bCrLf)-1)
iStart = LenB(sSpace)
iFormStart = iStart+2
'分解项目
Do
iInfoEnd = InStrB (iFormStart,aaaaaa,bCrLf & bCrLf)+3
tStream.Type = 1
tStream.Mode = 3
tStream.Open
oUpFileStream.Position = iFormStart
oUpFileStream.CopyTo tStream,iInfoEnd-iFormStart
tStream.Position = 0
tStream.Type = 2
tStream.CharSet = "gb2312"
sInfo = tStream.ReadText
'取得表单项目名称
iFormStart = InStrB (iInfoEnd,aaaaaa,sSpace)-1
iFindStart = InStr (22,sInfo,"name=""",1)+6
iFindEnd = InStr (iFindStart,sInfo,"""",1)
sFormName = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
'如果是文件
If InStr (45,sInfo,"filename=""",1) > 0 Then
Set ofileinfo = new clsFileInfo
'取得文件属性
iFindStart = InStr (iFindEnd,sInfo,"filename=""",1)+10
iFindEnd = InStr (iFindStart,sInfo,""""&vbCrLf,1)
sFileName = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
ofileinfo.FileName = GetFileName(sFileName)
ofileinfo.FilePath = GetFilePath(sFileName)
ofileinfo.FileExt = GetFileExt(sFileName)
iFindStart = InStr (iFindEnd,sInfo,"Content-Type: ",1)+14
iFindEnd = InStr (iFindStart,sInfo,vbCr)
ofileinfo.FileMIME = Mid(sinfo,iFindStart,iFindEnd-iFindStart)
ofileinfo.FileStart = iInfoEnd
ofileinfo.FileSize = iFormStart -iInfoEnd -2
ofileinfo.FormName = sFormName
file.add sFormName,ofileinfo
else
'如果是表单项目
tStream.Close
tStream.Type = 1
tStream.Mode = 3
tStream.Open
oUpFileStream.Position = iInfoEnd
oUpFileStream.CopyTo tStream,iFormStart-iInfoEnd-2
tStream.Position = 0
tStream.Type = 2
tStream.CharSet = "gb2312"
sFormValue = tStream.ReadText
If Form.Exists (sFormName) Then
Form (sFormName) = Form (sFormName) & ", " & sFormValue
else
Form.Add sFormName,sFormValue
End If
End If
tStream.Close
iFormStart = iFormStart+iStart+2
'如果到文件尾了就退出
Loop Until (iFormStart+2) >= iFormEnd
aaaaaa = ""
Set tStream = Nothing
isGetData_=true
end if
End Sub
'保存到文件,自动覆盖已存在的同名文件
Public Function SaveToFile(Item,Path)
SaveToFile=SaveToFileEx(Item,Path,True)
End Function
'保存到文件,自动设置文件名
Public Function AutoSave(Item,Path)
AutoSave=SaveToFileEx(Item,Path,false)
End Function
'保存到文件,OVER为真时,自动覆盖已存在的同名文件,否则自动把文件改名保存
Private Function SaveToFileEx(Item,Path,Over)
On Error Resume Next
Dim oFileStream
Dim tmpPath
Dim nohack '防黑缓冲
isErr=0
Set oFileStream = CreateObject ("ADODB.Stream")
oFileStream.Type = 1
oFileStream.Mode = 3
oFileStream.Open
oUpFileStream.Position = File(Item).FileStart
oUpFileStream.CopyTo oFileStream,File(Item).FileSize
nohack=split(path,".") '重要修改,防止黑客"\0"断名伪装!!!
tmpPath=nohack(0)&"."&nohack(ubound(nohack)) '重要修改,防止黑客"\0"断名伪装!!!
if Over then
if isAllowExt(GetFileExt(tmpPath)) then
oFileStream.SaveToFile tmpPath,2
Else
isErr_=3
ErrMessage_="该后缀名的文件不允许上传!"
End if
Else
Path=GetFilePath(Path)
if isAllowExt(File(Item).FileExt) then
do
Err.Clear()
nohack=split(Path&GetNewFileName()&"."&File(Item).FileExt,".") '重要修改,防止黑客"\0"断名伪装!!!
tmpPath=nohack(0)&"."&nohack(ubound(nohack)) '重要修改,防止黑客"\0"断名伪装!!!
oFileStream.SaveToFile tmpPath
loop Until Err.number<1
oFileStream.SaveToFile Path
Else
isErr_=3
ErrMessage_="该后缀名的文件不允许上传!"
End if
End if
oFileStream.Close
Set oFileStream = Nothing
if isErr_=3 then SaveToFileEx="" else SaveToFileEx=GetFileName(tmpPath)
End Function
'取得文件数据
Public Function FileData(Item)
isErr_=0
if isAllowExt(File(Item).FileExt) then
oUpFileStream.Position = File(Item).FileStart
FileData = oUpFileStream.Read (File(Item).FileSize)
Else
isErr_=3
ErrMessage_="该后缀名的文件不允许上传!"
FileData=""
End if
End Function
'取得文件路径
Public function GetFilePath(FullPath)
If FullPath <> "" Then
GetFilePath = Left(FullPath,InStrRev(FullPath, "\"))
Else
GetFilePath = ""
End If
End function
'取得文件名
Public Function GetFileName(FullPath)
If FullPath <> "" Then
GetFileName = mid(FullPath,InStrRev(FullPath, "\")+1)
Else
GetFileName = ""
End If
End function
'取得文件的后缀名
Public Function GetFileExt(FullPath)
If FullPath <> "" Then
GetFileExt = LCase(Mid(FullPath,InStrRev(FullPath, ".")+1))
Else
GetFileExt = ""
End If
End function
'取得一个不重复的序号
Public Function GetNewFileName()
dim ranNum
dim dtNow
dtNow=Now()
ranNum=int(90000*rnd)+10000
GetNewFileName=year(dtNow) & right("0" & month(dtNow),2) & right("0" & day(dtNow),2) & right("0" & hour(dtNow),2) & right("0" & minute(dtNow),2) & right("0" & second(dtNow),2) & ranNum
End Function
Public Function isAllowExt(Ext)
if NoAllowExt="" then
isAllowExt=cbool(InStr(1,";"&AllowExt&";",LCase(";"&Ext&";")))
else
isAllowExt=not CBool(InStr(1,";"&NoAllowExt&";",LCase(";"&Ext&";")))
end if
End Function
End Class
'----------------------------------------------------------------------------------------------------
'文件属性类
Class clsFileInfo
Dim FormName,FileName,FilePath,FileSize,FileMIME,FileStart,FileExt
End Class
%>
UpLoadNew.asp
<%
filepath="/Uploadfile/" '上传路径
filepathname = "/Uploadfile/"
set upload=new clsUp '建立上传对象
upload.NoAllowExt="asp;asa;cer;aspx;cs;vb;js;zip;rar;exe" '设置上传类型的黑名单
upload.GetData (3072000) '取得上传数据,限制最大上传3M
if upload.form("act")="uploadfile" then
for each formName in upload.File
set file=upload.File(formName)
fileExt=lcase(file.FileExt) '得到的文件扩展名不含有.
if file.filesize<10 then
response.write "<span style=""font-family: 宋体; font-size: 9pt"">请先选择你要上传的文件! [ <a href=# onclick=history.go(-1)>重新上传</a> ]</span>"
response.end
end if
if file.filesize>(3000*1024) then
response.write "<span style=""font-family: 宋体; font-size: 9pt"">最大只能上传 3000K 的图片文件! [ <a href=# onclick=history.go(-1)>重新上传</a> ]</span>"
response.end
end if
dtNow=Now()
randomize
ranNum=int(90000*rnd)+10000
filename1=year(dtNow) & right("0" & month(dtNow),2) & right("0" & day(dtNow),2) & right("0" & hour(dtNow),2) & right("0" & minute(dtNow),2) & right("0" & second(dtNow),2) & ranNum &"."&fileExt
filename=filepath&filename1
filelstname=filepathname&filename1
if file.FileSize>0 then ''如果 FileSize > 0 说明有文件数据
upload.SaveToFile formName,Server.mappath(FileName)
'这里可以存数据库
if upload.form("EditName")="content" then
strJS="<SCRIPT language=javascript>" & vbcrlf
strJS=strJS & "content=window.opener.document.myform.content.value;"
strJS=strJS &"content=content+'<a href=" & filelstname & " target=""_blank""><div align=""center""><img src=" &filelstname & " border=""0""></div></a><br><br>';" & vbcrlf
'strJS=strJS &"content=content+'<a href=" & "../"&filelstname & " target=""_blank""><img src=" & "../"&filelstname & " border=""0""></a><br><br>';" & vbcrlf
strJS=strJS & "window.opener.document.myform.content.value=content;" & vbcrlf
strJS=strJS & "</script>"
response.write strJS
else
response.write "<script>window.opener.document."&upload.form("FormName")&"."&upload.form("EditName")&".value='"&filelstname&"'</script>"
end if
%>
<script language="javascript">
window.alert("文件上传成功!请修改链接地址!");
window.close();
</script>
<%
end if
set file=nothing
next
set upload=nothing
end if
%>
展开全部
dim rs
set rs=server.createobject("ADODB.recordset")
sql="select img_file from images_table where img_ID="&request("id")
rs.open sql,conn,1,1
Response.ContentType = "image/*"
Response.BinaryWrite rs("img_file").getChunk(7500000)
rs.close
set rs=nothing
set rs=server.createobject("ADODB.recordset")
sql="select img_file from images_table where img_ID="&request("id")
rs.open sql,conn,1,1
Response.ContentType = "image/*"
Response.BinaryWrite rs("img_file").getChunk(7500000)
rs.close
set rs=nothing
本回答被网友采纳
已赞过
已踩过<
评论
收起
你对这个回答的评价是?
推荐律师服务:
若未解决您的问题,请您详细描述您的问题,通过百度律临进行免费专业咨询