www.gusucode.com > 因特达Access数据库在线管理系统 > 因特达Access数据库在线管理系统\code\access\file_upfile_save.asp
<!--#include file="conn.asp"--> <!--#include file="session.asp"--> <!--#include file="file_incupload.vbs"--> <% set upload=new upload_5xsoft if upload.form("act")="uploadfile" then filepath=replace(upload.form("filepath"),"\","/")''返回的请求路径,不让访问上级目录 if instr(filepath,"\")>0 or instr(filepath,"*")>0 or instr(filepath,"?")>0 or instr(filepath,"'")>0 or instr(filepath,chr(34))>0 then call err1'路径问题 end if if right(filepath,1)<>"/" then filepath=filepath&"/" %> <% basepath=Server.mappath(filepath) set obj_fso=server.createobject("scripting.filesystemobject") 'response.Write(basepath) 'response.End() if not obj_fso.folderexists(basepath) then'目录不存在 call err2 end if %> <html> <head> <title><%=sysname%>--上传文件成功</title> <meta http-equiv="Content-Type" content="text/html; charset=gb2312"> </head> <body> <center> <div style="width:600px;margin-top:100px;padding:3px 0;text-align:left;font-size:12px;color:#990000;border:solid 1px;border-color:#000090 #000090 #cccccc;background:#cccccc">yinteda.com在线文件管理器--上传结果报告</div> <div style="width:600px;padding:30px;font-size:12px;color:#000090;border:solid 1px;border-color:#000090 #000090 #cccccc;"> <% i=0 for each formName in upload.objFile set file=upload.objFile(formName) if file.FileSize>0 then fileName=check_fileName(file.fileName) filePath=basepath&"\"&FileName file.SaveAs filePath'存入文件 response.write file.FileName&" ("&formatnumber(file.FileSize/1024,2,-1)&" K)上传<font color=red>成功!</font><br> " i=i+1 set file=nothing end if next if upload.form("go")="-1" then'说明是单个文件上传,从upftile_a.asp来 response.Write("<script>parent.rightFrame.location.href+=''</script>") response.End() end if set upload=nothing call result'显示结果 else set upload=nothing response.redirect "fsoexplorer.asp?ntime="&ntime end if %> <% sub err1 response.write "<center><div style='width:600px;margin-top:100px;padding:3px 0;text-align:center;font-size:12px;color:#990000;border:solid 1px;border-color:#000090 #000090 #cccccc;background:#cccccc'>yinteda.com在线文件管理器--上传结果报告</div><div style='width:600px;padding:30px;font-size:12px;color:#000090;border:solid 1px;border-color:#000090 #000090 #cccccc;'>" response.write "对不起,没有填写路径或路径中含有非法字符<br><br>" response.write "<input type='button' style='width:65px;height:20px;font-size:12px' value='返回' onclick='window.history.go(-1)'> <input type='button' style='width:65px;height:20px;font-size:12px' value='关闭' onclick='window.close()'></div>"&vbcrlf response.write "<div style='width:600px;padding:3px 0;font-size:12px;color:#000090;border:solid 1px;border-color:#cccccc #000090 #000090;background:#cccccc;'>版权所有:<a href='http://www.yinteda.com' target='_blank'>www.yinteda.com</a> 程序设计:<a href=mailto:138138066@qq.com>138138066@qq.com</a></div>"&vbcrlf&"</center>" response.end end sub %> <% sub err2 set obj_fso=nothing set upload=nothing %> <center><div style='width:600px;margin-top:100px;padding:3px 0;text-align:center;font-size:12px;color:#990000;border:solid 1px;border-color:#000090 #000090 #cccccc;background:#cccccc'>yinteda.com在线文件管理器--上传结果报告</div><div style='width:600px;padding:30px;font-size:12px;color:#000090;border:solid 1px;border-color:#000090 #000090 #cccccc;'> 对不起,目录“<%= filepath %>”不存在,请先创建该目录!<br>" <br><input type='button' style='width:65px;height:20px;font-size:12px' value='返回' onclick='window.history.go(-1)'> <input type='button' style='width:65px;height:20px;font-size:12px' value='关闭' onclick='window.close()'></div> <div style='width:600px;padding:3px 0;font-size:12px;color:#000090;border:solid 1px;border-color:#cccccc #000090 #000090;background:#cccccc;'>版权所有:<a href='http://www.yinteda.com' target='_blank'>www.yinteda.com</a> 程序设计:<a href=mailto:138138066@qq.com>138138066@qq.com</a></div></center> <% response.end end sub %> <% sub result response.write "<br><br><br><b>已上传"&i-j&"个文件!</b><br>" response.write "<br><input type='button' style='width:65px;height:20px;font-size:12px' value='返回' onclick='window.history.go(-1)'> <input type='button' style='width:65px;height:20px;font-size:12px' value='关闭' onclick='window.close()'></div>"&vbcrlf response.write "<div style='width:600px;padding:3px 0;font-size:12px;color:#000090;border:solid 1px;border-color:#cccccc #000090 #000090;background:#cccccc;'>版权所有:<a href='http://www.yinteda.com' target='_blank'>www.yinteda.com</a> 程序设计:<a href=mailto:138138066@qq.com>138138066@qq.com</a></div>"&vbcrlf&"</center>"&vbcrlf response.write "</body>"&vbcrlf response.write "</html>"&vbcrlf end sub %> <% function check_fileName(fileName) if instr(fileName,"\")>0 or instr(fileName,"/")>0 or instr(fileName,"?")>0 or instr(fileName,chr(34))>0 then response.write("<script>alert('文件名出错!');window.history.go(-1)</script>") response.End() end if dim arr,arr1,str str=",HTM,HTML,DOC,XLS,MDB,PPT,RAR,ZIP,JPG,GIF,BMP,PSD,ITF,TXT,PNG,SWF," arr=split(fileName,".") if ubound(arr)>0 then'有后缀名 houName=ucase(arr(ubound(arr)))'后缀名,转成大写 if instr(str,","&houName&",")>0 then'合法后缀名 check_fileName=fileName else response.write "<script>alert('无效后缀名!\r\r以下为有效后缀:\r HTM,HTML,DOC,XLS,MDB,PPT,RAR,ZIP,JPG,GIF,BMP,PSD,ITF,TXT,PNG,SWF');window.history.go(-1)</script>"'改后缀名 response.end() end if else response.write "<script>alert('失败,没有后缀名!');window.history.go(-1)</script>"'没有后缀 response.End() end if end function %>