0

I am trying to use swfupload to upload file to the server. The photo upload worked perfectly fine on the development machine but when i tried to check it on production server. there was 500 internal server error. Checking the exception details the

             `Stack trace:    at System.Drawing.Image.Save(String filename, ImageCodecInfo encoder, EncoderParameters encoderParams)
   at System.Drawing.Image.Save(String filename, ImageFormat format)
   at ImageryDataAccess.SaveFullSizeImage(Byte[] ImageData)
   at ImageryDataAccess.SaveUserImage(Byte[] ImageData, Guid UserId)
   at Photos.Page_Load(Object sender, EventArgs e)
   at System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) `

showed this details. I checked the function save fullsizeimage there seemed to be only one suspect and that was

         string fileName=ImageName.ToString() + ".JPEG";
    string App_datapath = HttpContext.Current.Server.MapPath("~/App_Data/setP");
    bmp.Save(App_datapath+"/" +fileName, System.Drawing.Imaging.ImageFormat.Jpeg);

This code works fine on dev server but not on production. What I am not sure what I am going wrong here. / is my only guess to be something a problem because the microsoft use\ for directory paths. but again why then it would work on dev server. If any one can resolve the issue..

Mikael Engver
  • 4,634
  • 4
  • 46
  • 53
Spirals Whirls
  • 543
  • 1
  • 8
  • 27
  • 1
    Does this path exist ? As a side remark, it may be safer to store user-uploaded files outside of the root so that if someone ever manages to upload malicious file, it can't be executed online – Laurent S. Jul 03 '13 at 13:02
  • yes the path exists and you are right I will have to do that but right now I have to make this work.. – Spirals Whirls Jul 03 '13 at 13:08
  • 1
    @Bartdude - not really - his upload scripts should only allow people to upload certain file extensions. – Darren Wainwright Jul 03 '13 at 13:31

1 Answers1

1

The problem is you're trying to save to the App_Data folder - this folder is only available to actual code. You cannot write to it by default, you also cannot output its contents to your website.

The App_Data is specifically meant for Data only - such as XML & Database files - see here for more info: MSDN App_Data folder

So, even if you managed to save a file into app_data you would not be able to display it - you would receive an unauthorized access error message.

To fix, change this:

HttpContext.Current.Server.MapPath("~/App_Data/setP")

to something like this

HttpContext.Current.Server.MapPath("~/uploadImages/setP")

Essentially give yourself a different folder to upload to.

Update

Following from the comments it seems you are getting the A Generic error occurred in GDI+..... message. This is more often than not due to write permissions on the folder you're trying to save to is not set. Change them to enable write and you're good to go. Again though, it's best to not save them there unless you really must..

Darren Wainwright
  • 30,247
  • 21
  • 76
  • 127
  • why then it works on dev machine?? I can save and display images with a httphandler – Spirals Whirls Jul 03 '13 at 13:39
  • the development server is a little more "forgiving" - i would also imagine you don't have write permissions set on your production server for that folder. All in all - don't store them there.. it will cause more issues in the long run. – Darren Wainwright Jul 03 '13 at 13:41
  • Ok Thanks darren .. So it means the path I am using is not causing problems but the directory access and stature? – Spirals Whirls Jul 03 '13 at 13:42
  • Yes, i think the path you are using is causing problems - more than likely you haven't set write permissions on the folder on your server. Like i say, don't save them there, though if you really must must then check your folder permissions. Are you able to show us the actual exception message (`ex.Message`) rather than just the stack trace? – Darren Wainwright Jul 03 '13 at 13:44
  • The exception contains the server details so if you think it be appropriate to display here???... – Spirals Whirls Jul 03 '13 at 13:47
  • just omit those parts. the `Message` property will be something like maybe "A generic error occurred in GDI+...." - if this is the case, then it's a good 99.99% chance it's folder permissions – Darren Wainwright Jul 03 '13 at 13:50
  • Yes exactly the same message – Spirals Whirls Jul 03 '13 at 13:50
  • 1
    There you go then. you haven't got write permission set on that folder. – Darren Wainwright Jul 03 '13 at 13:53
  • Thanks Darren you are so helpful.. I wish I should invite you all to the untility once it is ready... Thanks – Spirals Whirls Jul 03 '13 at 13:56
  • The security of the photos is the main concern.. So I am not sure what to do now.. – Spirals Whirls Jul 03 '13 at 14:08
  • 1
    then in that case do as Bartdude suggested and save them outside of the root - if you're able to.. - if not, then you could rename the images with a guid for a filename. less likely to guess it. you could also set up your server to restrict delivery of content in certain folders. – Darren Wainwright Jul 03 '13 at 14:15