FileUpload.SaveAs Method
Assembly: System.Web (in system.web.dll)
The SaveAs method saves the contents of a file that is uploaded using the FileUpload control to a specified path on the Web server.
The FileUpload control does not automatically save a file to the server after the user selects the file to upload. You must explicitly provide a control or mechanism to allow the user to submit the specified file. For example, you can provide a button that the user clicks to upload the file. The code that you write to save the specified file should call the SaveAs method, which saves the contents of a file to a specified path on the server. Typically, the SaveAs method is called in an event-handling method for an event that raises a post back to the server. For example, if you provide a button to submit a file, the code to save the file to the server could then be placed inside the event-handling method for the click event.
When you call the SaveAs method, you must specify the full path to the directory on the server in which to save the uploaded file. If you do not explicitly specify a path in your application code, an HttpException exception is thrown when a user attempts to upload a file. This behavior helps to keep the files on the server secure, by not allowing users to specify a path in which to save the files that they upload.
Before calling the SaveAs method, you should use the HasFile property to verify that the FileUpload control contains a file to upload. If the HasFile returns true, call the SaveAs method. If it returns false, display a message to the user indicating that the control does not contain a file. If you do not provide error-handling code to verify that a file exists, an attempt to save a nonexistent file throws an HttpException exception.
For a call to the SaveAs to work, the ASP.NET application must have write access to the directory on the server. There are two ways that the application can get write access. You can explicitly grant write access to the account under which the application is running, in the directory in which the uploaded files will be saved. Alternatively, you can increase the level of trust that is granted to the ASP.NET application. To get write access to the executing directory for the application, the application must be granted the AspNetHostingPermission object with the trust level set to the AspNetHostingPermissionLevel.Medium value. Increasing the level of trust increases the application's access to resources on the server. Note that this is not a secure approach, because a malicious user who gains control of your application will also be able to run under this higher level of trust. It is a best practice to run an ASP.NET application in the context of a user with the minimum privileges that are required for the application to run. For more information on security in ASP.NET applications, see Basic Security Practices for Web Applications and ASP.NET Trust Levels and Policy Files.
The following code example demonstrates how to create a FileUpload control that performs error checking. Before the file is saved, the HasFile method is called to verify that a file to upload actually exists. In addition, the File.Exists method is called to check whether a file with the same name already exists in the path. If it does, the name of the file to upload is prefixed with a number before the SaveAs method is called. This prevents the existing file from being overwritten.
<%@ Page Language="VB" %> <html> <head> <script runat="server"> Sub UploadButton_Click(ByVal sender As Object, ByVal e As System.EventArgs) ' Before attempting to save the file, verify ' that the FileUpload control contains a file. If (FileUpload1.HasFile) Then ' Call a helper method routine to save the file. SaveFile(FileUpload1.PostedFile) Else ' Notify the user that a file was not uploaded. UploadStatusLabel.Text = "You did not specify a file to upload." End If End Sub Sub SaveFile(ByVal file As HttpPostedFile) ' Specify the path to save the uploaded file to. Dim savePath As String = "c:\temp\uploads\" ' Get the name of the file to upload. Dim fileName As String = FileUpload1.FileName ' Create the path and file name to check for duplicates. Dim pathToCheck As String = savePath + fileName ' Create a temporary file name to use for checking duplicates. Dim tempfileName As String ' Check to see if a file already exists with the ' same name as the file to upload. If (System.IO.File.Exists(pathToCheck)) Then Dim counter As Integer = 2 While (System.IO.File.Exists(pathToCheck)) ' If a file with this name already exists, ' prefix the filename with a number. tempfileName = counter.ToString() + fileName pathToCheck = savePath + tempfileName counter = counter + 1 End While fileName = tempfileName ' Notify the user that the file name was changed. UploadStatusLabel.Text = "A file with the same name already exists." + "<br>" + _ "Your file was saved as " + fileName Else ' Notify the user that the file was saved successfully. UploadStatusLabel.Text = "Your file was uploaded successfully." End If ' Append the name of the file to upload to the path. savePath += fileName ' Call the SaveAs method to save the uploaded ' file to the specified directory. FileUpload1.SaveAs(savePath) End Sub </script> </head> <body> <h3>FileUpload.SaveAs Method Example</h3> <form ID="Form1" runat="server"> <h4>Select a file to upload:</h4> <asp:FileUpload id="FileUpload1" runat="server"> </asp:FileUpload> <br><br> <asp:Button id="UploadButton" Text="Upload file" OnClick="UploadButton_Click" runat="server"> </asp:Button> <hr /> <asp:Label id="UploadStatusLabel" runat="server"> </asp:Label> </form> </body> </html>
Windows 98, Windows 2000 SP4, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.