Jump to content
Xtreme .Net Talk

Validating an Excel file before uploading

sureshcd10

By sureshcd10
in ASP.NET

 Share

Recommended Posts

sureshcd10 Newbie

sureshcd10

Posted
Posted

:confused: :)

My webpage users will be uploading an Excel file

 

They will click on Browse button and Select their Excel file and then click upload button.But befor the uploading happens I want to check whether

this excel sheet contains all the compulsary fields and are in correct format.

How can I do this. Any other better ways/ideas to do this.Please help ?

(I am using ASP.NET with C# coding)

Thank u all in advance

 

:confused:

ima
mike55 Newbie

mike55

Posted
Posted

Hi sureshcd10,

 

I am having a similar problem to you, but in my case I am dealing with a CSV file. FZelle is correct, you cannot validate your file before you upload the file. What you can do, is upload your file and then perform the validation, if the validation fails delete the uploaded file and inform the user that the file was not in the correct format.

 

How are you validating your file, are you simple looping through the first column to ensure that the correct number of rows have been supplied or have you an alternative solution.

 

Since you are trying to validate the file, I also am assuming that you intend to insert the data stored in the file into a database table. How do you propose to complete this action (Sql statement in your code/ stored procedure) and at the same time prevent someone slipping some malicious script into your database that can be executed at a later time?

 

Mike55

A Client refers to the person who incurs the development cost.

A Customer refers to the person that pays to use the product.

------

My software never has bugs. It just develops random features. (Mosabama vbforums.com)

mike55 Newbie

mike55

Posted
Posted

Hi sureshcd10,

 

If you are transferring all the data in your excel file into a database, suggest you do a Server.HtmlEncode on the data from each excel cell that you insert. The Server.HtmlEncode will take the data submitted, if it finds any scripting tags "<" or ">" it will turn the tag into its Html equivalen,t i.e. "<". Granted it does not prevent the script getting into your database, but it ensures that the script is so screwed up that it can't be used.

 

Mike55.

A Client refers to the person who incurs the development cost.

A Customer refers to the person that pays to use the product.

------

My software never has bugs. It just develops random features. (Mosabama vbforums.com)

sureshcd10 Newbie

sureshcd10

Posted
  • Author
Posted
Hi sureshcd10,

 

If you are transferring all the data in your excel file into a database, suggest you do a Server.HtmlEncode on the data from each excel cell that you insert. The Server.HtmlEncode will take the data submitted, if it finds any scripting tags "<" or ">" it will turn the tag into its Html equivalen,t i.e. "<". Granted it does not prevent the script getting into your database, but it ensures that the script is so screwed up that it can't be used.

 

Mike55.

 

Yes, Mike55 u are in the right direction

ima
FZelle Newbie

FZelle

Posted
Posted

Just to make it clear again:

There is no way, that a DataRow can have malicious code.

 

Only while you insert theData into the table something like that can occure,

and only if you don't use the ParameterCollection.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...