一个自己写的上传方法:除了检查扩展名之外,还真正判断文件的实际图片格式和文件大小,进一步加强对伪装成图片的可执行文件或木马的防范。需要注意的是,解码成功只能证明文件是合法的 GIF/JPG/PNG,并不能阻止在合法图片后面附加脚本的"图片马";真正的防线在于保存时由服务器生成文件名和白名单扩展名,并且上传目录必须配置为禁止脚本执行。

 

 if (FileUpload1.HasFile)
        {
            string filename = myfunction.UploadPic(this.FileUpload1, myfunction.Getcompanylogopath());
            if (filename.IndexOf("您") != -1)
            {
                Page.RegisterClientScriptBlock("err", "<script language=javascript>alert('" + filename + "');</script>");
            }
            else
            {
              
            }
        }

 

 

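/// <summary>
/// Stores an uploaded picture under <paramref name="SavePath"/> in a per-day sub-folder after
/// three checks: the client file name's last dot-segment is gif/jpg/png, the posted size is within
/// <c>GetUploadPicturemax()</c> kilobytes, and GDI+ actually decodes the bytes as GIF, JPEG or PNG.
/// The decode runs on the request stream, so nothing is written to disk until the content has passed
/// (the original saved first and deleted afterwards, leaving a window in which a non-image sat under
/// the web root).
/// </summary>
/// <param name="FileUpload1">Upload control carrying the posted file; an empty string is returned when it has no file.</param>
/// <param name="SavePath">Root directory for uploads. The day folder is joined with Path.Combine, so a trailing separator is optional.</param>
/// <returns>
/// On success the client-supplied file name (unchanged from the original contract); on failure a
/// Chinese error message. Callers in this file detect failure by searching the result for "您",
/// which also matches a client file name containing that character. The server-side relative path of
/// the stored file is not returned — NOTE(review): the original computed it and then discarded it;
/// callers that need to reference the stored file currently have no way to obtain it.
/// </returns>
/// <remarks>
/// Passing the RawFormat check only proves the file decodes as an image. A valid image with script
/// appended (an image/web-shell polyglot) still passes. That is tolerable only because the stored
/// name and extension are chosen by the server, never by the client; the upload directory must
/// additionally be configured to deny script execution and be served with an image Content-Type.
/// Re-encoding the decoded image would strip such payloads but changes the stored bytes, so it is
/// not done here. GDI+ is also exposed to untrusted input by this method; keep the platform patched.
/// </remarks>
public string UploadPic(FileUpload FileUpload1, string SavePath)
        {
            string retstr = string.Empty;
            if (FileUpload1 == null || !FileUpload1.HasFile)
            {
                return retstr;
            }

            // Client-supplied name: untrusted. Only its last dot-segment is inspected and it is
            // never used to build a file system path. ToLowerInvariant avoids culture-specific
            // casing (e.g. Turkish I) turning "GIF" into something the whitelist rejects.
            string filename = FileUpload1.FileName;
            string[] nameParts = filename.Split('.');
            string dotname = nameParts[nameParts.Length - 1].ToLowerInvariant();
            if (dotname != "gif" && dotname != "jpg" && dotname != "png")
            {
                retstr = "您上传的文件格式错误,请使用gif,jpg或png文件";
                return retstr;
            }

            // Compare in bytes: the original divided first, so up to 1023 bytes over the limit
            // slipped through. long avoids overflow for a large configured limit.
            int maxkb = this.GetUploadPicturemax();
            if (FileUpload1.PostedFile.ContentLength > (long)maxkb * 1024)
            {
                retstr = "对不起,您上传的图片文件太大,最大不能超过" + maxkb.ToString() + "kb";
                return retstr;
            }

            string savedPath = string.Empty;
            try
            {
                // Decode from the request body before anything touches disk. GDI+ throws on
                // non-image data, which the catch below turns into the format error message.
                System.IO.Stream body = FileUpload1.PostedFile.InputStream;
                if (body.CanSeek)
                {
                    body.Seek(0, System.IO.SeekOrigin.Begin);
                }
                using (System.Drawing.Image image = System.Drawing.Image.FromStream(body))
                {
                    Guid fmt = image.RawFormat.Guid;
                    bool allowed = fmt == System.Drawing.Imaging.ImageFormat.Gif.Guid
                        || fmt == System.Drawing.Imaging.ImageFormat.Jpeg.Guid
                        || fmt == System.Drawing.Imaging.ImageFormat.Png.Guid;
                    if (!allowed)
                    {
                        retstr = "对不起,您上传的图象格式为非法,请勿上传未知图片格式";
                        return retstr;
                    }
                }
                // Rewind so SaveAs sees the whole body regardless of how it copies the stream.
                if (body.CanSeek)
                {
                    body.Seek(0, System.IO.SeekOrigin.Begin);
                }

                // Zero-padded date: the original concatenated Year+Month+Day without padding,
                // so 2024-11-2 and 2024-1-12 both produced the folder "2024112".
                string folder = DateTime.Now.ToString("yyyyMMdd", System.Globalization.CultureInfo.InvariantCulture);
                string dayDir = System.IO.Path.Combine(SavePath, folder);
                System.IO.Directory.CreateDirectory(dayDir); // no-op when it already exists

                // Server-generated name with a whitelisted extension. A GUID replaces
                // Random.Next(10000), which could repeat within the same second and let SaveAs
                // silently overwrite an earlier upload.
                string newfilename = DateTime.Now.ToString("yyyyMMddHHmmss", System.Globalization.CultureInfo.InvariantCulture)
                    + Guid.NewGuid().ToString("N") + "." + dotname;
                savedPath = System.IO.Path.Combine(dayDir, newfilename);
                FileUpload1.SaveAs(savedPath);

                retstr = filename;
            }
            catch (Exception)
            {
                // Undecodable image, GDI+ failure or I/O error: report it with the same message
                // the original used and make sure no partial file is left behind.
                retstr = "对不起,您上传的图象格式为非法,请勿上传未知图片格式";
                if (savedPath.Length > 0 && System.IO.File.Exists(savedPath))
                {
                    System.IO.File.Delete(savedPath);
                }
            }
            return retstr;
        }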
