Validating an Excel file before uploading

S

sureshcd10

Regular
Joined
Dec 25, 2003
Messages
77
:confused: :)
My webpage users will be uploading an Excel file

They will click on Browse button and Select their Excel file and then click upload button.But befor the uploading happens I want to check whether
this excel sheet contains all the compulsary fields and are in correct format.
How can I do this. Any other better ways/ideas to do this.Please help ?
(I am using ASP.NET with C# coding)
Thank u all in advance

:confused:
 
There is no way you can check the file before the upload.
Your code is running on the server not the client.
 
Hi sureshcd10,

I am having a similar problem to you, but in my case I am dealing with a CSV file. FZelle is correct, you cannot validate your file before you upload the file. What you can do, is upload your file and then perform the validation, if the validation fails delete the uploaded file and inform the user that the file was not in the correct format.

How are you validating your file, are you simple looping through the first column to ensure that the correct number of rows have been supplied or have you an alternative solution.

Since you are trying to validate the file, I also am assuming that you intend to insert the data stored in the file into a database table. How do you propose to complete this action (Sql statement in your code/ stored procedure) and at the same time prevent someone slipping some malicious script into your database that can be executed at a later time?

Mike55
 
Hi sureshcd10,

If you are transferring all the data in your excel file into a database, suggest you do a Server.HtmlEncode on the data from each excel cell that you insert. The Server.HtmlEncode will take the data submitted, if it finds any scripting tags "<" or ">" it will turn the tag into its Html equivalen,t i.e. "<". Granted it does not prevent the script getting into your database, but it ensures that the script is so screwed up that it can't be used.

Mike55.
 
mike55 said:
Hi sureshcd10,

If you are transferring all the data in your excel file into a database, suggest you do a Server.HtmlEncode on the data from each excel cell that you insert. The Server.HtmlEncode will take the data submitted, if it finds any scripting tags "<" or ">" it will turn the tag into its Html equivalen,t i.e. "<". Granted it does not prevent the script getting into your database, but it ensures that the script is so screwed up that it can't be used.

Mike55.
Click to expand...

Yes, Mike55 u are in the right direction
 
Just to make it clear again:
There is no way, that a DataRow can have malicious code.

Only while you insert theData into the table something like that can occure,
and only if you don't use the ParameterCollection.
 
Back
Top