基于在您的描述中，我猜测前面的代码只是从文件上传控件中获取文件的路径，并且不会尝试将其保存在服务器上的任何位置。



文件上传控件提供的路径是文件在客户端上的路径。（大多数浏览器甚至会删除文件夹路径，只需发送文件名。 ）



该文件尚未保存在服务器上的此路径中。如果是，那将是一个主要的安全漏洞，因为攻击者可能会覆盖服务器上的任何文件只需操作路径即可。



相反，您需要使用SaveAs [ ^ ]方法将文件保存到特定文件夹中服务器，或使用 FileContent [ ^ ]或 FileBytes [ ^ ]属性，用于访问文件的原始内容。

  string an> directory = Path.GetTempPath（）; 
 string  fileExtension = Path.GetExtension（uploadExcelFile.FileName）; 
 string  fileName = Path.Combine（目录，Guid.NewGuid（）。ToString（  N）+ fileExtension）; 

 string 连接; 
 if （ string  .Equals（fileExtension，  。xls，StringComparison.OrdinalIgnoreCase））
 {
 connectionString =    Provider = Microsoft.Jet.OLEDB.4.0; Data Source =' + fileName +  ';扩展属性='Excel 8.0; HDR = YES;'; 
} 
其他 如果（ string  .Equals（fileExtension， 。xlsx，StringComparison.OrdinalIgnoreCase））
 {
 connectionString =   Provider = Microsoft.ACE.OLEDB.12.0; Data Source = + fileName +  ;扩展属性='Excel 12.0 Xml; IMEX = 1; HDR = YES; TypeGuessRows = 0 ; ImportMixedTypes =文本;'跨度>; 
} 
其他 
 {
 throw   new  InvalidOperationException（ 无效的文件类型）; 
} 

 uploadExcelFile.SaveAs（fileName）; 

使用（OleDbConnection connection =  new  OleDbConnection（connectionString））
 {
 ... 

I am trying to upload and parse an excel file to Sharepoint 2010 via a web part.

The code I have works when the excel file is stored on the server (ie, my user profile Desktop), but it fails when I try to upload the excel file via a user interface. When uploading it via the user interface, I am able to obtain the file name and a few other details, but suddenly, it FAILS always on the line above where it says 'connection.Open();'

What can I do for this to work?

This is part of the code I have:

string fileToUpload = uploadExcelFile.FileName;
System.IO.Stream strm = uploadExcelFile.PostedFile.InputStream;
fileName = uploadExcelFile.FileName;

Boolean replaceExistingFiles = true;

byte[] byt = new byte[Convert.ToInt32(uploadExcelFile.PostedFile.ContentLength)];
strm.Read(byt, 0, Convert.ToInt32(uploadExcelFile.PostedFile.ContentLength));
strm.Close();

SPSite localSite = SPContext.Current.Site;
            SPWeb localWeb = localSite.OpenWeb();
            SPFolder ExcelLibrary = localWeb.Folders["ExcelLib"];
            localWeb.AllowUnsafeUpdates = true;
            ExcelLibrary.Files.Add(System.IO.Path.GetFileName(uploadExcelFile.PostedFile.FileName), byt, replaceExistingFiles);
            ExcelLibrary.Update();

string fileExtension = Path.GetExtension(fileName).ToUpper();
                        string connectionString = "";

                        if (fileExtension == ".XLS")
                        {
                            connectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source='" + fileName + "'; Extended Properties='Excel 8.0;HDR=YES;'";
                        }
                        else if (fileExtension == ".XLSX")                           
                            connectionString = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" + fileName + ";Extended Properties='Excel 12.0 Xml;IMEX=1;HDR=YES;TypeGuessRows=0;ImportMixedTypes=Text;'";

            String[] excelSheets;

            using (OleDbConnection connection = new OleDbConnection(connectionString))
            {
                connection.Open(); // CODE FAILS HERE

                DataTable dtExcelSchema = connection.GetOleDbSchemaTable(OleDbSchemaGuid.Tables, null);

               
Thanks in advance!  I need to get this solved asap. :-(

What I have tried:

I have looked online tirelessly.  This code snippet (above) is well-known and can be found online, however, I wonder why it fails.

Based on your description, I'm guessing that the preceding code simply takes the path of the file from the file upload control, and doesn't attempt to save it anywhere on the server.

The path provided by the file upload control is the path of the file on the client. (Most browsers will even strip out the folder path, and simply send the file name.)

The file has not been saved in this path on the server. If it was, it would be a major security vulnerability, since attackers could overwrite any file on your server simply by manipulating the path.

Instead, you either need to use the SaveAs[^] method to save the file to a specific folder on the server, or use either the FileContent[^] or FileBytes[^] properties to access the raw content of the file.

string directory = Path.GetTempPath();
string fileExtension = Path.GetExtension(uploadExcelFile.FileName);
string fileName = Path.Combine(directory, Guid.NewGuid().ToString("N") + fileExtension);

string connection;
if (string.Equals(fileExtension, ".xls", StringComparison.OrdinalIgnoreCase))
{
    connectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source='" + fileName + "'; Extended Properties='Excel 8.0;HDR=YES;'";
}
else if (string.Equals(fileExtension, ".xlsx", StringComparison.OrdinalIgnoreCase))
{
    connectionString = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" + fileName + ";Extended Properties='Excel 12.0 Xml;IMEX=1;HDR=YES;TypeGuessRows=0;ImportMixedTypes=Text;'";
}
else
{
    throw new InvalidOperationException("Invalid file type");
}

uploadExcelFile.SaveAs(fileName);

using (OleDbConnection connection = new OleDbConnection(connectionString))
{
    ...