FileUpload Web Server Control Overview

The FileUpload control enables you to provide users with a way to send a file from their computer to the server.

This topic contains:

• Features

• Background

• Code Examples

• Class Reference

Features

You can use the FileUpload control to:

• Enable users to upload files that you store on a specific location on the server.

• Limit the size of the file that can be uploaded.

• Examine the properties of an uploaded file before storing the file.

Back to top

Background

The FileUpload control enables users to upload pictures, text files, or other files. The FileUpload control displays a text box where users can type the name of a file that they want to upload to the server. The control also displays a Browse button that displays a file-navigation dialog box. (The dialog box that is displayed depends on the operating system of the user's computer.) For security reasons, you cannot pre-load the name of a file into the FileUpload control.

Handling Uploaded Files

When users have selected a file to upload and then submitted the page, the file is uploaded as part of the request. The file is cached in its entirety in server memory. When the file has finished uploading, your page code runs.

You can access the uploaded file in the following ways:

• As a byte array exposed in the FileUpload control’s FileBytes property.

• As a stream exposed in the FileContent property.

• As an object of type HttpPostedFile in the PostedFile property. The PostedFile object exposes properties, such as the ContentType and ContentLength properties, that provide you with information about the uploaded file.

When your code runs, you can examine the characteristics of the file, such as its name, size, and MIME type, and you can then save it. You can work with the file as a byte array or stream. Alternatively, both the FileUpload control and the HttpPostedFile object support a SaveAs method that writes the file to disk.

There is no inherent limitation on where you can save uploaded files. However, to save the file, the ASP.NET process must have permission to create files in the location that you specify. In addition, your application might be configured to require an absolute path (not a relative path) for saving the file, which is a security measure. If the requireRootedSaveAsPath attribute of the httpRuntime configuration element is set to true (which is the default), you must provide an absolute path when saving the uploaded file.

The maximum size file that can be uploaded depends on the value of the MaxRequestLength configuration setting. If users attempt to upload a file that is larger than the maximum allowed, the upload fails.

Using the FileUpload Control in Partial-Page Updates

The FileUpload control is designed to be used only in postback scenarios and not in asynchronous postback scenarios during partial-page rendering. When you use a FileUpload control inside an UpdatePanel control, the file must be uploaded by using a control that is a PostBackTrigger object for the panel. UpdatePanel controls are used to update selected regions of a page instead of updating the whole page with a postback. For more information, see UpdatePanel Control Overview and Partial-Page Rendering Overview.

Security and the FileUpload Control

By using the FileUpload control, users can upload potentially malicious files, including script files and executable files. You cannot limit in advance the files that a user can upload. If you want to limit the types of files that a user can upload, you must examine the file characteristics after the file has been uploaded, such as the file's file name extension and the value of the file's ContentType property

Code Examples

How to: Upload Files with the FileUpload Web Server Control

Back to top

Class Reference

The following table lists the classes that relate to the FileUpload control.

Back to top

See Also

Reference

HtmlInputFile