How to check the file function?

Question

0.00/5 (No votes)

See more:

How to check the file function.

public void chkfile()
  {
  string abc = "select * from usr_mail where m_id=" + Request.QueryString["mid"];
  c.con.Open();
  SqlCommand cmd = new SqlCommand(abc, c.con);
  SqlDataReader dr = cmd.ExecuteReader();
  dr.Read();
  string strFileName = dr["m_att"].ToString();
  ViewState["fullname"] = strFileName;
  strFileName = strFileName.Substring(strFileName.LastIndexOf(".") + 1);
  ViewState["fileex"] = strFileName.ToString();
  c.con.Close();
  }
public void docopen()
  {
  string strRequest = "Attach/"+ViewState["fullname"].ToString();
  if (strRequest != "")
    {
    string path = Server.MapPath(strRequest);
    System.IO.FileInfo file = new System.IO.FileInfo(path);
    if (file.Exists)
      {
      Response.Clear();
      Response.AddHeader("Content-Disposition", "attachment; filename=" + file.Name);
      Response.AddHeader("Content-Length", file.Length.ToString());
      Response.ContentType = "application/octet-stream";
      Response.WriteFile(file.FullName);
      Response.End();
      }
    else
      { 
      Response.Write("This file does not exist.");
      }
    }
  else
    {
    Response.Write("Please provide a file to download.");
    }
  }
 
public void nwmal()
  {
  String Filename1 = System.DateTime.Now.Day.ToString();
  Filename1 = Filename1 + "-" + System.DateTime.Now.Month.ToString();
  Filename1 = Filename1 + "-" + System.DateTime.Now.Year.ToString();
  c.con.Open();
  string str = "select * from usr_mail where m_rec='" + txt_mailto.Text + "' and m_fuldt='" + Filename1.ToString() + "' order by m_id";
  SqlCommand cmd = new SqlCommand(str, c.con);
  SqlDataReader dr = cmd.ExecuteReader();
  int i = 1;
  while (dr.Read())
    {
    i = i + 1;
    }
  String Filename = System.DateTime.Now.Day.ToString();
  Filename = Filename + "-" + System.DateTime.Now.Month.ToString();
  Filename = Filename + "-" + System.DateTime.Now.Year.ToString();
  ViewState["fname"] = Filename + " (" + i + ")";
  c.con.Close();
  string att = ConfigurationSettings.AppSettings["path"].ToString();
  System.IO.Directory.CreateDirectory(att);
  string path = att + "" + txt_mailto.Text;
  System.IO.Directory.CreateDirectory(path);
  string Filepath = path + "/" + ViewState["fname"].ToString() + ".txt";
  if (Label3.Text == "n")
    ViewState["att1"] = "No";
  else
    ViewState["att1"] = "Yes";
  string content = "From: " + Session["uid"].ToString() + "\r\n\r\nSubject: " + txt_mailsub.Text + "\r\n\r\nAttachment: " + ViewState["att1"].ToString() + "\r\n\r\nMessage: " + txt_mailmsg.Text + "";
  StreamWriter swcontent = new StreamWriter(Filepath);
  swcontent.Write(content);
  File.SetAttributes(Filepath, FileAttributes.ReadOnly);
  swcontent.Close();
  }
public void chkatt()
  {
  if (attachFile1.Value.ToString() != "")
    {
    // Boolean fileOK = false;
    string str = attachFile1.PostedFile.FileName;
    str = System.IO.Path.GetFileName(str);
    string path = Server.MapPath("~/Attach/") + str;
    attachFile1.PostedFile.SaveAs(path); 
    Label6.Text = str;
    }
  else
    { 
    string str = "n";
    Label6.Text = str;
    }
  }

[edit]Code added from OP (posted as an answer, deleted), code block added, indentation added - OriginalGriff[/edit]

Posted 6-May-11 20:15pm

dhruv300

Updated 6-May-11 22:11pm

Dalek Dave

v3

Add a Solution

Comments

Kim Togo 7-May-11 2:17am

Please be more specific.

NuttingCDEF 7-May-11 2:31am

What exactly is the problem? What do you want to know? What's going wrong? What error messages?

Steven.Pinto2000 7-May-11 3:09am

be clear what on what you want

yesotaso 7-May-11 4:48am

Mye eyes bleeding... must look away... splat

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Accepted Answer · 2011-05-06T21:12:00

My word!
There are so many things that need changing with that code...
From the top:
1) Variable names. Don't use "abc", "c", "Filename1". use names which are descriptive of what they are for. Intellisense helps you to type them ,so it is not extra effort, and it makes you code much more readable.
2) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. This is particularly dangerous in this code:

string str = "select * from usr_mail where m_rec='" + txt_mailto.Text + "' and m_fuldt='" + Filename1.ToString() + "' order by m_id";
SqlCommand cmd = new SqlCommand(str, c.con);

Instead:

string str = "select * from usr_mail where m_rec=@MTO and m_fuldt=@FNM" order by m_id";
SqlCommand cmd = new SqlCommand(str, c.con);
cmd.Parameters.AddWithValue("@", txt_mailto.Text);
cmd.Parameters.AddWithValue("@", Filename1);

3) Stop converting strings to string! If it is a string allready, then adding .ToString() to the end, just wastes time and memory.
4)If you add two strings, and one of them is a constant, what er the odds that the resulting string will be empty? So how often is this going to fail to be true?

string strRequest = "Attach/"+ViewState["fullname"].ToString();
if (strRequest != "")
  {

5) Never, ever do this:

String Filename1 = System.DateTime.Now.Day.ToString();
Filename1 = Filename1 + "-" + System.DateTime.Now.Month.ToString();
Filename1 = Filename1 + "-" + System.DateTime.Now.Year.ToString();

What happens at midnight, server time? Answer, you get stupid dates in your file, and can't work out why. Instead, only ever fetch the current date/time once, and use that. In addition, use DateTime.ToString() with a format string to generate the date you want:

string date = DateTime.Now.ToString("yyyy-MM-dd");

It is shorter, clearer, and less prone to odd bugs.
6) Use UPPER CASE to distinguish SQL Commands from your text. Combined with (2) above

string str = "select * from usr_mail where m_rec='" + txt_mailto.Text + "' and m_fuldt='" + Filename1.ToString() + "' order by m_id";

becomes:

string str = "SELECT * FROM usr_mail WHERE m_rec=@MTO AND m_fuldt=@FNM" ORDER BY m_id";

It helps to break out the fixed and variable parts of the statement.
7) Don't return database information you are not going to use: it wastes network bandwidth and time. Don't use "*" as the field specifier: list the fields you are interested in instead.

SELECT m_att FROM user_mail WHERE ...

8) Why the heck are you getting all records just to count them? Use a Scalar query instead:

string str = "SELECT COUNT(*) FROM usr_mail WHERE m_rec=@MTO AND m_fuldt=@FNM";
SqlCommand cmd = new SqlCommand(str, c.con);
cmd.Parameters.AddWithValue("@MTO", txt_mailto.Text);
cmd.Parameters.AddWithValue("@FNM", Filename1);
int i = cmd.ExecuteScalar();

There's more, but I'm sure that lot will keep you busy for a while!