How to use Free ASP Upload in your site
We intend to document all aspects of this code with as much detail as possible, but in the end you will realize that the actual process of capturing and saving the uploaded files using Free ASP Upload is as simple as two short ASP lines.
Considerations about deployment
If you are adding an upload capability to your site (using this script or any other), you should consider who will have access to it, what files can be uploaded, and whether and how uploaded files are published on the site.
For example: it's a really bad idea if any visitor has access to the upload function and the files uploaded are automatically published on the site. If that is possible, then malicious visitors will quickly abuse your upload. More specifically, suppose you let anyone upload images to your web site directly, then your web site will soon be showing the wrong kind of images. Similarly, if you let users upload HTML pages to your site directly, then spammers will upload pages with links to their commercial sites.
There are three levels of prevention to avoid exploitation of your site's upload feature:
The upload page
The first step to add upload capabilities to your site is to find a page to hold the upload form. Before creating your own, you should first try the one included in the ZIP file: the "uploadTester.asp" page. It illustrates all the necessary aspects of both the initial upload page and of the file-uploaded, landing page.
If you are creating your own uploading page, it must follow a few rules (see also section above about avoiding abuses from unauthorized visitors). This page does not have to be an ASP page, it can be plain HTML or any other file type that can render a form in the browser.
The uploading script is designed with support for international characters, and the upload page must account for that too. The charset of the page must be utf-8 (see the <META> element in "uploadTester.asp".)
The upload form is a FORM-element area that includes input elements of the kind "type=file". These elements — one for each file — let the user type the name of the file or browse in the system to pick it.
The folowing attributes of the FORM element are required and must have these exact values:
Besides the file elements and the submit button, the upload form may have elements of other types. This means that, together with file(s) to upload, you can also post other kinds of typical form data such as text, numbers, etc.
Finally, the ACTION parameter of the FORM tag will contain the address of the page that will process the upload and tell the user the file was uploaded. This is the page that includes the actual "Free ASP Upload" script, as described in the next section.
The "file-uploaded" page
This page will receive the information from the form, save the uploaded files, and process any other fields in your form. This needs to be an ASP page because it will #include the code of the FreeASPUpload class.
In some cases it is convenient to use the same file to render both the upload page and the "file-uploaded" one, like in our example. The ASP code in the file decides which page to render based on the value of Request.ServerVariables("REQUEST_METHOD").
When it comes to actually saving the uploaded files, it only takes two lines, one for the creation of the Free ASP Upload object and the other to extract the files from the POST request and save them to the server:
Upload.Save(upload directory path)
To process other fields in the form, use the Form collection of the upload object the same way you would use the Form collection of the Request object. For example, if your form had a text element named UserName, your processing code would include:
If this page renders text entered in the upload form using the request.write ASP method, you must configure the ASP session to deal correctly with the UTF-8 unicode strings. You do this with the following ASP statement: Session.CodePage = 65001
FreeASPUpload quick Reference
FreeASPUpload (the main ASP class for the uploader)
UploadedFiles - A Dictionary of UploadedFile objects. You can check the length of keys to verify if the user actually uploaded any files; see example in the SaveFiles function of the uploadTester.asp code sample. The values of the keys are the names of the type="file" input elements in the uploading form. For example, for the uploadTester.asp script, the input element names are "attach1", attach2", attach3", and "attach4". Through the key values, the server-side script can figure out the origin of each uploaded file, if that is important.
Description: Saves all the uploaded files to the specified directory using the same file names as the files had at the origin.
Method name: SaveOne
Description: Saves one of the uploaded files to the specified directory. It will first attempt to save the file with the original file name, but if a file with that name already exists, it will append a number to make it unique (file.gif may become file3.gif, for example).
UploadedFile (obtained from FreeASPUpload through the UploadedFiles property)
ContentType, FileName, Length.