0

My fileupload isnt creating the path if its not there, its only working if the folder belonging to the user id is actually already in place, I need it to upload whether the folder is there or not.

    protected void Button1_Click(object sender, EventArgs e)
    {
        if (FileUpload1.HasFile)
        {
            try
            {
                string theUserId = Session["UserID"].ToString();
                OdbcConnection cn = new OdbcConnection("Driver={MySQL ODBC 3.51 Driver}; Server=localhost; Database=gymwebsite2; User=root; Password=commando;");
                cn.Open();



                string filenameDB = Path.GetFileName(FileUpload1.FileName);
                string fileuploadpath = Server.MapPath("~/userdata/" + theUserId + "/uploadedimage/") + Path.GetFileName(FileUpload1.FileName);
                FileUpload1.SaveAs(fileuploadpath);
                string fileuploadpaths = ("~/userdata/" + theUserId + "/uploadedimage/") + filenameDB;
                Label2.Text = "Upload status: File uploaded!";


                OdbcCommand cmd = new OdbcCommand("INSERT INTO Pictures (UserID, picturepath) VALUES (" + theUserId + ", '" + fileuploadpaths + "')", cn);
                cmd.ExecuteNonQuery();
                OdbcCommand md = new OdbcCommand("UPDATE User SET flag = 0 WHERE UserId = '" + theUserId + "'", cn);
                // OdbcCommand cmd = new OdbcCommand("UPDATE Pictures SET picturepath ='" + fileuploadpaths + "' WHERE UserId = '" + theUserId + "'", cn);
                md.ExecuteNonQuery();
                Response.Redirect("UserProfileWall.aspx");
            }

            catch (Exception ex)
            {
                Label2.Text = "Upload status: The file could not be uploaded. The following error occured: " + ex.Message;

            }

        }
    }

}
GEOCHET
  • 21,119
  • 15
  • 74
  • 98
G Gr
  • 6,030
  • 20
  • 91
  • 184
  • See http://stackoverflow.com/questions/4535627/where-is-the-best-place-to-save-images-from-users-upload/4535684#4535684 for some best practices on how you should be doing this. Your current approach is unsafe. – Ian Mercer Apr 06 '11 at 21:00
  • you really are not getting any of the advices about your code being vulnerable to SQL injection and using an ADO.NET driver instead of ODBC provided to you in your previous questions (http://stackoverflow.com/questions/5544261/new-mysql-connection-error-ive-never-seen)? How many times we must tell you that you **SHOULD NOT USE** string concatenations when building your SQL queries but use parametrized queries instead? – Darin Dimitrov Apr 06 '11 at 21:01
  • im going to Darin, just trying to fix my issue first – G Gr Apr 06 '11 at 21:05
  • you have serious issues with your data access code that you need to fix at the first place before going further. I mean posting questions and providing such code that could is indexed by Google, you imagine that there are other people reading it, and might suppose that it is a good thing to do and even copy-paste and reuse it. So a big warning => this is bad code. – Darin Dimitrov Apr 06 '11 at 21:06
  • ahhh I see Darin ok well I will edit my post to a a line of dots when im done, and make sure my next questions are framed for the poster child of security at heart – G Gr Apr 06 '11 at 21:15

3 Answers3

3

Why don't you simply check if the folder is already created, if it's not create it. if(System.IO.Directory.Exists("YourDirectoryPath")) do your stuff;

Ali
  • 3,568
  • 2
  • 24
  • 31
2

The command you want to utilize is 

  string fileuploadDir = Server.MapPath("~/userdata/" + theUserId + "/uploadedimage/");
 if(!System.IO.Directory.Exists(fileuploadDir)
    {
    System.IO.Directory.CreateDirectory(fileuploadDir)
    }

Insert this after:

string fileuploadpath = Server.MapPath("~/userdata/" + theUserId + "/uploadedimage/") + Path.GetFileName(FileUpload1.FileName);

Corrected based on comments below.

Cos Callis
  • 5,051
  • 3
  • 30
  • 57
  • i get the error Upload status: The file could not be uploaded. The following error occured: Access to the path 'C:\Users\Garrith\Documents\Visual Studio 2010\WebSites\WebSite1\userdata\4\uploadedimage\images.jpg' is denied. – G Gr Apr 06 '11 at 21:04
  • I noticed that you put the full file name into the fileUploadPath (a valid thing to do, just not my normal practice). Identify the directory in with something like: string fileuploadDir = Server.MapPath("~/userdata/" + theUserId + "/uploadedimage/") and try that where I had fileUploadPath. – Cos Callis Apr 06 '11 at 21:05
  • cos it was a problem with the image lol really unsure why it denied me access to that one image? really really strange – G Gr Apr 06 '11 at 21:15
  • Garrith, If you copied the image into that directory using windows explorer rather than uploading it the file will not grant the permissions to allow the ASP.NET user context access to the file. If you manually add permissions to that file or tell the directory to reset permissions on all objects in the directory it will work as expected. – Cos Callis Apr 06 '11 at 21:22
2
string dirPath= Path.GetDirectoryName(fileuploadpath);
if(!Directory.Exists(dirPath))
{
    Directory.CreateDirectory(dirPath);
}
miyamotogL
  • 513
  • 3
  • 10