The Design of Software (CLOSED)

A public forum for discussing the design of software, from the user interface to the code architecture. Now closed.

The "Design of Software" discussion group has been merged with the main Joel on Software discussion group.

The archives will remain online indefinitely.

Uploading in asp classic

This code uploads binary files to the server using classic asp/Jscript and I'm thinking maybe it can be improved upon.
Any ideas??

--

function myIDUpload()
{
if(Request.TotalBytes)
{
var adr=current_adress;
var recordSet=Server.CreateObject("ADODB.Recordset");
    recordSet.fields.append(0, 201, Request.TotalBytes);
    recordSet.open();
    recordSet.addNew();
    recordSet.fields(0).appendChunk(Request.binaryRead(Request.TotalBytes));
var data=new String(recordSet.Fields(0)).split("\r\n");
    recordSet.close();

var radr=data[1].replace(/.*filename=[\'\"](.*)[\'\"]/, "$1").replace(/([^\\]+\\)+/,"");

adr=adr+"/"+radr;
adr=adr.replace(/\/\//g,"/");

var contentType=data[2].substr(14);
var fileData=data.slice(4, data.length - 2).join("\r\n");
var fname=Server.MapPath(adr);
try
{
var fso=new ActiveXObject("Scripting.FileSystemObject");
var fil=fso.CreateTextFile(fname, true);    
fil.write(fileData);
fil.close();
}
catch(er){}
}
}
mikael bergkvist Send private email
Saturday, March 25, 2006
 
 
Is it slow to upload?

I've never used the Recordset trick there to pull the upload data...

The way I've done it before was just a do while loop building the bytes.

The funny thing I found using that method, which doesn't matter to you at all probably, is that it's actually faster to write to the disk at each iteration then it is to concatenate the variable in memory. At least in VBscript.
Shane Harter Send private email
Sunday, March 26, 2006
 
 
It's very fast.
The speed might not be the first thing coming to my mind, but the code itself, if it can be improved or with things being added.
mikael bergkvist Send private email
Sunday, March 26, 2006
 
 
Today I'd think more people would use the ADO Stream object instead.
Artad Gobeski
Sunday, March 26, 2006
 
 
How do you do that when uploading files?
I've only used that to fetch remote files.
Where can I find a sample?
Thanx in advance..
mikael bergkvist Send private email
Sunday, March 26, 2006
 
 
The one way I do know of, wouldn't work from firefox or opera, and not on a mac.
mikael bergkvist Send private email
Sunday, March 26, 2006
 
 
I don't have a handy example but it seems to me you just .Write into the Stream object (after setting .Type = adTypeBinary) instead of using .AppendChunk against your Recordset's Field object.
Artad Gobeski
Sunday, March 26, 2006
 
 
Ah, of course.. I'll check that out.
Thanx.
mikael bergkvist Send private email
Sunday, March 26, 2006
 
 
It's not entirely clear to me from a glance at your regexes that your code is secure against directory traversal attacks. In other words, what happens if an attacker specifies a filename of ..\..\path\to\something\sensitive ?

Your code does not check to see if the specified filename already exists. Whether that's a bug or a feature depends on the situation.

Thanks for posting that. I didn't know that you could access uploaded files thorugh a recordset. I've been using http://www.aspupload.com/ , which works well but isn't free.
clcr
Sunday, March 26, 2006
 
 
Hi, I tried this version, but this creates a textfile containing all the data of the *.jpg instead.
I need to access the uploaded image through Request.BinaryRead, and it returns a safeArray, which is text basically, I think..??

--

if(Request.TotalBytes)
{
var Stream=Server.CreateObject("ADODB.Stream");
    Stream.open();
    Stream.Type = 1;
var recordSet=Server.CreateObject("ADODB.Recordset");
    recordSet.fields.append(0, 201, Request.TotalBytes);
    recordSet.open();
    recordSet.addNew();
    recordSet.fields(0).appendChunk(Request.binaryRead(Request.TotalBytes));
    recordSet.Save(Stream);
    Stream.Read;
    Stream.SaveToFile(Server.MapPath("test.jpg"));
    Stream=0;
recordSet.close();
Response.Write("<img src='test.jpg' /><br/>");
}
else
{
Response.Write("Not uploaded anything yet.<br/>");
}
mikael bergkvist Send private email
Sunday, March 26, 2006
 
 
Never mind, I think I know what's wrong.. ;-)
mikael bergkvist Send private email
Sunday, March 26, 2006
 
 
I wouldn't think you'd use a Recordset at all, just a Stream.  You Stream.Write your Request.BinaryRead() results "chunk by chunk."
Artad Gobeski
Sunday, March 26, 2006
 
 
Yeah.. I realised that after I'd posted it already..
  (^-^);;
mikael bergkvist Send private email
Sunday, March 26, 2006
 
 

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
 
Powered by FogBugz