The download path is hidden by passing an ID in the database, and then reading the path in the database through the passed ID on another page.
1. Method implemented in c# (only the code of .ASPX.CS is required)
string sel_sql="select FileVisualPath from TabMailAttachFiles where FileID="+Request.QueryString[
"destFileName"].ToString(); // string destFileName = Request.QueryString["destFileName"]!=null?Request.QueryString["destFileName" ]:"";
string destFileName=ROA.Components.fune_commerce.Execad(sel_sql).Tables[0].Rows[0][0].ToString();
destFileName = Server.MapPath(".")+destFileName;
destFileName = Server.UrlDecode(destFileName);
if(File.Exists(destFileName))
{
FileInfo fi = new FileInfo(destFileName);
Response.Clear();
Response.ClearHeaders();
Response.Buffer = false;
//Response.AppendHeader("Content-Disposition","attachment;filename=" +HttpUtility.UrlEncode(Path.GetFileName(destFileName),System.Text.Encoding.Default));
Response.AppendHeader("Content-Disposition","attachment;filename=" +HttpUtility.UrlEncode(Path.GetFileName(destFileName),System.Text.Encoding.UTF8));
Response.AppendHeader("Content-Length",fi.Length.ToString());
Response.ContentType="application/octet-stream";
Response.WriteFile(destFileName);
Response.Flush();
Response.End();
}
else
{
Response.Write("<script langauge=javascript>alert('File does not exist!');history.go(-1);</script>");
Response.End();
}
2. Implementation method in ASP
<!--#include file="conn.asp" -->
<%
Response.Buffer = true
Response.Clear
dim url
Dim fso,fl,flsize
dimDname
Dim objStream,ContentType,flName,isre,url1
'****************************************** is passed in when calling download file name
m_ID=trim(request.QueryString("ID"))
set rs=Server.CreateObject("adodb.recordset")
sql="select * from dataview where xsf=true and id="&m_ID
rs.open sql,conn,1,1
if not rs.eof then
Dname=rs("path")
else
Response.Write("no found")
Response.end
end if
rs.close:set rs=nothing
'************************************************ *****************
If Dname<>"" Then
'******************************Server directory where downloaded files are stored
url=Server.MapPath(Dname)
else
Response.Write("no found")
Response.end
End If
Set fso=Server.CreateObject("Scripting.FileSystemObject")
Set fl=fso.getfile(url)
flsize=fl.size
flName=fl.name
Set fl=Nothing
Set fso=Nothing
Set objStream = Server.CreateObject("ADODB.Stream")
objStream.Open
objStream.Type = 1
objStream.LoadFromFile url
Select Case lcase(Right(flName, 4))
Case ".asf"
ContentType = "video/x-ms-asf"
Case ".avi"
ContentType = "video/avi"
Case ".doc"
ContentType = "application/msword"
Case ".zip"
ContentType = "application/zip"
Case ".xls"
ContentType = "application/vnd.ms-excel"
Case ".gif"
ContentType = "image/gif"
Case ".jpg", "jpeg"
ContentType = "image/jpeg"
Case ".bmp"
ContentType = "image/bmp"
Case ".ppt"
ContentType = "application/vnd.ms-powerpoint"
Case ".mdb"
ContentType = "application/x-msaccess"
Case ".wav"
ContentType = "audio/wav"
Case ".mp3"
ContentType = "audio/mpeg3"
Case ".mpg", "mpeg"
ContentType = "video/mpeg"
Case ".rtf"
ContentType = "application/rtf"
Case ".htm", "html"
ContentType = "text/html"
Case ".txt"
ContentType = "text/plain"
Case Else
ContentType = "application/octet-stream"
End Select
Response.AddHeader "Content-Disposition", "attachment; filename=" & flName
Response.AddHeader "Content-Length", flsize
Response.Charset = "UTF-8"
Response.ContentType = ContentType
Response.BinaryWrite objStream.Read
Response.Flush
response.Clear()
objStream.Close
Set objStream = Nothing
%>
Source: "Clouds Lost in the Blue Sky" BLOG