我的文件上传没有创建路径,如果它不存在,它唯一的工作,如果属于用户ID的文件夹实际上已经到位,我需要它上传,无论文件夹是否存在或不。fileupload不创建文件夹,如果它不存在
protected void Button1_Click(object sender, EventArgs e)
{
if (FileUpload1.HasFile)
{
try
{
string theUserId = Session["UserID"].ToString();
OdbcConnection cn = new OdbcConnection("Driver={MySQL ODBC 3.51 Driver}; Server=localhost; Database=gymwebsite2; User=root; Password=commando;");
cn.Open();
string filenameDB = Path.GetFileName(FileUpload1.FileName);
string fileuploadpath = Server.MapPath("~/userdata/" + theUserId + "/uploadedimage/") + Path.GetFileName(FileUpload1.FileName);
FileUpload1.SaveAs(fileuploadpath);
string fileuploadpaths = ("~/userdata/" + theUserId + "/uploadedimage/") + filenameDB;
Label2.Text = "Upload status: File uploaded!";
OdbcCommand cmd = new OdbcCommand("INSERT INTO Pictures (UserID, picturepath) VALUES (" + theUserId + ", '" + fileuploadpaths + "')", cn);
cmd.ExecuteNonQuery();
OdbcCommand md = new OdbcCommand("UPDATE User SET flag = 0 WHERE UserId = '" + theUserId + "'", cn);
// OdbcCommand cmd = new OdbcCommand("UPDATE Pictures SET picturepath ='" + fileuploadpaths + "' WHERE UserId = '" + theUserId + "'", cn);
md.ExecuteNonQuery();
Response.Redirect("UserProfileWall.aspx");
}
catch (Exception ex)
{
Label2.Text = "Upload status: The file could not be uploaded. The following error occured: " + ex.Message;
}
}
}
}
见http://stackoverflow.com/questions/4535627/where-is-the-best-place-to-save-images-from-users-upload/4535684#4535684关于如何的一些最佳做法你应该这样做。你目前的做法是不安全的。 – 2011-04-06 21:00:18
你真的没有得到任何有关您的代码易受SQL注入和使用ADO.NET驱动程序而不是ODBC在您以前的问题中提供给您的建议(http://stackoverflow.com/questions/5544261/new- MySQL的连接错误,香港专业教育学院,从来没有见过的)?有多少次我们必须告诉你,你应该在构建SQL查询时不要使用字符串连接,而是使用参数化查询。 – 2011-04-06 21:01:14
即将去达林,只是试图解决我的问题第一 – 2011-04-06 21:05:17