The FileUpload control enables you to provide users with a way to send a file from their computer to the server. The control is useful for allowing users to upload pictures, text files, or other files. The file to be uploaded is submitted to the server as part of the browser request during postback. After the file has completed uploading, you can manage the file in your code.
The FileUpload control displays a text box where users can type the name of a file that they want to upload to the server. The control also displays a Browse button that displays a file-navigation dialog box. (The dialog box that is displayed depends on the operating system of the user's computer.) For security reasons, you cannot pre-load the name of a file into the FileUpload control.
To add a FileUpload control to a page
- Drag the FileUpload control from the Toolbox task pane to your page.
Handling Uploaded Files
When users have selected a file to upload and submitted the page, the file is uploaded as part of the request. The file is cached in its entirety in server memory. When the file has finished uploading, your page code runs. For more information about managing uploaded files, see FileUpload Web Server Control Overview and How to: Upload Files with the FileUpload Web Server Control in the MSDN library.
The maximum size file that can be uploaded depends on the value of the MaxRequestLength configuration setting. If users attempt to upload a file that is larger than the maximum allowed, the upload fails.
Security and the FileUpload Control
Using the FileUpload control, users can upload potentially malicious files, including script files and executable files. You cannot limit in advance the files that a user can upload. If you want to limit the types of files that a user can upload, you must examine the file characteristics (for example, the file name extension and the value of the file's ContentType property) after the file has been uploaded.