Get full path of a file with FileUpload Control

It's currently true that "when you upload a file the browser will only send the source filename and not the full path" - it makes perfect sense that the server has no business knowing whether the file was in "C:\WINDOWS\" or "F:\SOMEDIR\OTHERDIR\PERSONALINFO\". The filename is always sent, and is useful both to help the user 'recognise' the content and possibly to interrogate the file extension to help determine the file type.

However I know from experience that Internet Explorer definitely used to (in older versions) send the entire path. It's difficult to find an authoritative confirmation (except this apache fileupload control doco)

Internet Explorer provides the entire path to the uploaded file and not just the base file name

Regardless, you should not use nor expect the full path to be sent by any 'modern' browser.

Perhaps you misunderstand the way FileUpload works.

When you upload a file, it is effectively being transferred from the client's computer to the server hosting your application. If you're developing the application, most times, both client and server are the same machine (your computer). Once the application is deployed however, there could be any number of clients connecting to the server, each uploading a different file.

Knowing the full path of the file on the client's computer usually isn't necessary - you'll often want to do something with the file contents. Your examples seem like ASP.NET C#, so I'm guessing you're using the FileUpload control. You can get at the uploaded file's contents by reading the raw stream (FileUpload.PostedFile.InputStream) or by saving the file first (FileUpload.PostedFile.SaveAs), then accessing the saved file. It's your responsibility to save the file, if you want it to be accessible after the current request - if you don't, ASP.NET deletes it.

One more thing - don't forget to set the enctype property on your form to "multipart/form-data". If you don't, the client's browser won't send the file, and you'll spend quite a few minutes wondering what went wrong.

As of IE8, the full path is no longer sent to sites in the Internet Zone.

See the "File Upload Control" section at the end of this post: http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx for discussion.

Try

Server.MapPath(FileUpload1.FileName);

Edit: This answer describes how to get the path to a file on the server. It does not describe how to get the path to a file on the client, which is what the question asked. The answer to that question is "you can't", because modern browser will not tell you the path on the client, for security reasons.

FileUpload will never give you the full path for security reasons.

Convert.ToString(FileUpload1.PostedFile.FileName);

IE 7 and previous versions sent the full path of the uploaded file to the server related to the input type="file" field. Firefox and other modern browsers consider this to be a security flaw and do not. However, this appears to be have been fixed in IE 8.

Perhaps you should instead evaluate why you need the full path to the file as it was located on the client's system. I think it is really superfluous information that should never be posted at all. All you should be concerned with the is the file name so that you can save the file without making changes to the name.

Just to give my 2 cents.

At this moment I also DO get the full user's local path. It's only from 1 machine that I can replicate this issue, but it really does give the full path of the file at the machine of the user.

This is a end-user of our application which is hosted on a off-site server. So it's not on the local machine nor on a local server from which it might happen to be a share.

You can resolve the issue, at least to have the same behaviour all the time by this:

Path.GetFileName(fileUpload.FileName)

Btw, just found this article which states it can happen too: http://www.eggheadcafe.com/community/aspnet/17/10092650/fileupload-control-pro.aspx

Just to confirm the issue.

I had sort of the opposite issue as the original poster: I was getting the full path when I only wanted the filename. I used Gabriël's solution to get just the filename, but in the process I discovered why you get the full path on some machines and not others.

Any computer joined to domain will give you back the full path for the filename. I tried this on several different computers with consistent results. I don't have an explanation for why, but at least in my testing it was consistent.

Check this:

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="FileUp.aspx.vb" Inherits="FileUp" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <asp:Label ID="Label1" runat="server"></asp:Label><br />
       <asp:FileUpload ID="FileUpload1" runat="server" /><br />
        <asp:Button ID="Button1" runat="server" Text="Upload" />
    </div>
    </form>
</body>
</html>

Code:

Partial Class FileUp
    Inherits System.Web.UI.Page
    Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
        Dim path As String
        Dim path1 As String
        path = Server.MapPath("~/")
        FileUpload1.SaveAs(path + FileUpload1.FileName)
        path1 = path + FileUpload1.FileName
        Label1.Text = path1
        Response.Write("File Uploaded successfully")
    End Sub
End Class

This dumps the file in your temp folder with file name, then after that you can call it and not worry about it. Because it will get deleted if it is in your temp folder for an amount of days.

string filename = Path.Combine(Path.GetTempPath(), Path.ChangeExtension(Guid.NewGuid().ToString(),".xls"));
                File.WriteAllBytes(filename, FileUploadControl.FileBytes);

I'm using IE 8 (on two separate machines). Each still uploads the full local file path. As suggested by Gabriël, Path.GetFileName(fileUploadControl.PostedFile.FileName) appears to be the only way to ensure that you only get the filename.

Check this post under FileUpload Control

Additionally, the “Include local directory path when uploading files” URLAction has been set to "Disable" for the Internet Zone. This change prevents leakage of potentially sensitive local file-system information to the Internet. For instance, rather than submitting the full path C:\users\ericlaw\documents\secret\image.png, Internet Explorer 8 will now submit only the filename image.png.

Its an option under Internet security that can be enabled

dim path as string = FileUpload1.PostedFile.FileName

By the way, I am using Visual Studio 2010. I don't know if there is a difference with the other version.

This will not problem if we use IE browser. This is for other browsers, save file on another location and use that path.

if (FileUpload1.HasFile)

{

string fileName = FileUpload1.PostedFile.FileName;

string TempfileLocation = @"D:\uploadfiles\";

string FullPath = System.IO.Path.Combine(TempfileLocation, fileName);

FileUpload1.SaveAs(FullPath);

Response.Write(FullPath);

}

Thank you

You can't get full path of a file at client's machine. Your code might work at localhost because your client and the server is the same machine and the file is at the root directory. But if you run it on a remote machine you will get an exception.

On Internet Explorer Options, on security tab click on custom security button, there have an option to send the local path when loading some file to server.

Disabled as default. Just enable it.

Path.GetFullPath(fileUpload.PostedFile.FileName);

Sorry this 'll get your program file directory + your file name.