The Add File Page

The Add File Page

The Add File page (AddFile.aspx) allows users to add new files into one of their groups. There are three buttons on the screen and a number of fields into which information about the file can be entered.

The Cancel_Click() method simply redirects the user to the Manage Files page, and the Main_Click() method redirects the user to the main menu page. Both of these methods can be seen in the first few lines of Listing 22.8.

The Save _Click() method is fired when users click the Save button. This method performs all the steps to save the file information to the database, accept the upload, and save the file to the correct location.

The Save_Click() method has a try/catch/finally block so that database and file exceptions will be caught and dealt with. A Boolean variable will remember whether the entire process is successful. If any part of the operation fails, a message will be shown to the user in the Label object named ErrorMessage. If all parts of the process are successful, the user will be redirected to the Manage Files page.

Inside of the try block, the code starts off by opening the SqlConnection object. Several strings, and the contain values that relate to the directory structure into which the file will be saved, are assigned. Here's the way the directory structure is formed :

The current directory of the application:

Request.MapPath( "." )

The directory into which all file directories will be saved:

ConfigurationSettings.AppSettings["DirectoryName"]

The user directory:

"Dir" + Convert.ToString( Session["ID"] )

The group directory:

Request.QueryString["GroupID"]

For example:

C:\inetpub\wwwroot\filerepository\filedir\dir16\

Once the directory string has been created, the existence of both directories (the user directory and the group directory that's within the user directory) are verified , and the application creates them if they don't exist.

The user interface object that contains the file name is named Filename. It's a File Field object that's available from the HTML toolbox. The following code shows how to get the full file and path from the object:

string strFilename = Filename.PostedFile.FileName;

Dim strFilename As String = Filename.PostedFile.FileName

Once we have the full file and path, we need to extract the file name. The following code does this:

string strSourceFile =
  strFilename.Substring( strFilename.LastIndexOf( '\' ) + 1 );

Dim strSourceFile As String =
  strFilename.Substring( strFilename.LastIndexOf( 92 ) + 1 )

And finally, the upload can be carried out with the following code:

Filename.PostedFile.SaveAs( strDestPath );

Filename.PostedFile.SaveAs( strDestPath )

Once the file has been uploaded, a record is inserted into the database using a SqlCommand object and its ExecuteNonQuery() method.

For your convenience, the process of uploading a file is summarized here:

Listing 22.8 This Code Is behind the AddFile.aspx Page.

private void Cancel_Click(object sender, System.EventArgs e)
{
  Response.Redirect( "MngFiles.aspx" );
}

private void Main_Click(object sender, System.EventArgs e)
{
  Response.Redirect( "Default.aspx" );
}

private void Save_Click(object sender, System.EventArgs e)
{
  bool bOperationSucceeded = true;

  // Create a connection object.
 SqlConnection objConnection =
  new SqlConnection(ConfigurationSettings.AppSettings["ConnectString"]);

  try
  {
    // Open the connection.
    objConnection.Open();
    string strUserDir = "Dir" + Convert.ToString( Session["ID"] );
    string strGroupDir = Request.QueryString["GroupID"];
    string strFileDir =
      ConfigurationSettings.AppSettings["DirectoryName"];

    // Check for both directories here... Create them if necessary
    if( !Directory.Exists( Request.MapPath( "." ) + "\" + strFileDir +
      "\" + strUserDir ) )
    {
      Directory.CreateDirectory( Request.MapPath( "." ) + "\" +
        strFileDir + "\" + strUserDir );
    }
    if( !Directory.Exists( Request.MapPath( "." ) + "\" + strFileDir +
      "\" + strUserDir + "\" + strGroupDir ) )
    {
      Directory.CreateDirectory( Request.MapPath( "." ) + "\" +
        strFileDir + "\" + strUserDir + "\" + strGroupDir );
    }

    // Allow the file to upload here...
    string strFilename = Filename.PostedFile.FileName;
    string strSourceFile =
      strFilename.Substring( strFilename.LastIndexOf( '\' ) + 1 );
    string strDestPath =
      Request.MapPath( "." ) + "\" + strFileDir + "\" + strUserDir +
      "\" + strGroupDir + "\" + strSourceFile;
    Filename.PostedFile.SaveAs( strDestPath );
    string strFilesize =
      Convert.ToString( Filename.PostedFile.ContentLength );

    string strSql = "Insert into " +
      "FileInfo Title,Version,Description,Filename, " +
      "Filesize,Directory,OwnerID,GroupID) VALUES ('" + Title.Text +
      "'," + Version.Text+ ",'" + Description.Text + "','" +
      strSourceFile + "'," + strFilesize + ",'" + strUserDir + "\" +
      strGroupDir + "'," + Convert.ToString( Session["ID"] ) + "," +
      Request.QueryString["GroupID"] + ")";
    // Create a command object.
    SqlCommand objCommand = new SqlCommand( strSql, objConnection );
    objCommand.ExecuteNonQuery();
  }
  catch( Exception ex )
  {
    // Alert the user to the error.
    ErrorMessage.Text = ex.Message.ToString();
    bOperationSucceeded = false;
  }
  finally
  {
    // Close the connection.
    if( objConnection.State == ConnectionState.Open )
    {
      objConnection.Close();
    }
  }

  if( bOperationSucceeded )
  {
    Response.Redirect( "MngFiles.aspx" );
  }
}