Using XML to Improve File-Upload Processing

By Marco Nanni

This article examines an example of multiple binary file upload for Web applications using Extensible Markup Language (XML) technology, without the typical limitation of traditional file upload processing.
It describes how to use Microsoft XML Parser 3.0 (MSXML) and ActiveX Data Objects (ADO) Stream objects for a new upload strategy with several benefits.
For example, no custom ASP components are required.


To obtain a file upload with a traditional HTML page, on the client side we can use a form structured in the following way:

<FORM NAME=”myForm”
<INPUT TYPE=”file” NAME=”myFile”>
<INPUT TYPE=”submit” VALUE=”Upload File”>

This solution presents several limitations both on the client and server side.
We must use the POST method (because the GET can’t manage this type of data), and we have no solutions to trigger a POST processing without using an HTML form. When we send data to the TargetURL, the browser loads this page as the new current page and we have an undesirable “context switch.”

The ENCTYPE property defines the Multipurpose Internet Mail Extensions (MIME) encoding for the form and must be set to “multipart/form-data” for file upload forms. When we set this property to “multipart/form-data” we obtain a different structure of the POST buffer (which is also more complex) and the Request ASP object can’t access the form contents. Therefore, we can read the POST buffer using the Request.binaryRead method, but we can’t use scripting languages to do this. The Request.binaryRead method returns a VTarray (which is a variant array of unsigned one byte characters) while scripting languages can manage only variant variables. We can resolve this problem only by using a specific, custom ASP component or ISAPI extension, such as CPSHOST.DLL. This behavior is by design.

A New Upload Strategy

The idea underlying this article is the use of the following step:
On the client-side:

  • create a XML document using the MSXML 3.0 object;
  • create a XML node with binary content;
  • populate this node with the content of the uploading file using the ADO Stream object;
  • send the document to the Web server using the XMLHTTP object.

On the server-side:

  • read the XML document from the Request ASP object;
  • read the content of the binary node and store it into a file on the server. Optionally, we can store it into a BLOB field of a database tables.

Before explaining the source code sample, we can make a few considerations about the solution used in this article.

XML Consideration

XML support many data types, such as numeric, float, character, etc. Many authors define XML as the ASCII of the future, but we can’t forget that this technology can also describe binary information using the “bin.base64” data type. This feature is fully available with MS XML 3.0 Parser and to date requires a custom setup. This object provides some properties that enable a complete management of binary contents:

obj_node.dataType – This read/write property specifies the data type of the selected node. The XML parser supports more dataType values.

For binary contents we can use the “bin.base64” data type;

  • obj_node.nodeTypedValue – This read/write property contains the selected node’s value expressed in its defined data type.

    We can create an XML document with more “bin.base64”-type nodes that contain the files we want to upload. This consideration allows the processing of multiple uploading files with a single POST.

    We can use the XMLHttpRequest object to send an XML document to a Web server using the POST method. This object provides client-side protocol support for communication with HTTP servers and allows us to send and receive MS XML Document Object Model (DOM) objects from a Web server. XMLHttpRequest is a built-in COM object with Internet Explorer 5 (not requiring a custom setup) and does not generate a context switch after posting data.

    The ADO Stream Object

    The previous considerations allow the creation (on the client-side) of an XML document with one or more binary nodes. Now we need to populate this node with the contents of the uploading files. Unfortunately, scripting languages can’t access the local file system, and the Scripting.FileSystemObject (which is a built-in COM object of the recent Win32 platform) to date can’t manage binary files. This behavior is by design. We need an other COM object that provides the access to the local binary files.

    The ADO Stream object (which is a COM object included in the MDAC 2.5 components) provides the means to read, write, and manage a stream of bytes. This byte stream may be text or binary and hasn’t particular size limitations. In ADO 2.5, Microsoft has introduced the Stream object without any dependency in the ADO object model hierarchy; therefore, we can use the Stream object without binding it to the other ADO objects.

    In this article, we use the Stream object to access file content and store it into XML node, and vice versa.

    Client-Side Code

    The following code sample provides a client-side file upload using Stream and MSXML objects:

    <HEAD><TITLE>File Send</TITLE></HEAD>
    <INPUT id=btn_send name=”btn_send” type=button value=”FILE SEND”>
    <DIV id=div_message>Ready</DIV>


    <SCRIPT LANGUAGE=JavaScript>

    // files upload function
    function btn_send.onclick()
    // create ADO-stream Object
    var ado_stream = new ActiveXObject(“ADODB.Stream”);

    // create XML document with default header and primary node
    var xml_dom = new ActiveXObject(“MSXML2.DOMDocument”);
    xml_dom.loadXML(‘<?xml version=”1.0″ ?> <root/>’);
    // specify namespaces datatypes
    xml_dom.documentElement.setAttribute(“xmlns:dt”, “urn:schemas-microsoft-com:datatypes”);

    // create a new node and set binary content
    var l_node1 = xml_dom.createElement(“file1”);
    l_node1.dataType = “bin.base64”;
    // open stream object and read source file
    ado_stream.Type = 1; // 1=adTypeBinary
    // store file content into XML node
    l_node1.nodeTypedValue = ado_stream.Read(-1); // -1=adReadAll

    // we can create more XML nodes for multiple file upload

    // send XML documento to Web server
    var xmlhttp = new ActiveXObject(“Microsoft.XMLHTTP”);“POST”,”./file_recieve.asp”,false);
    // show server message in message-area
    div_message.innerHTML = xmlhttp.ResponseText;

    Server-Side Code

    The following code sample provides a server-side file upload using the same objects:

    <%@ LANGUAGE=VBScript%>
    <% Option Explicit
    Response.Expires = 0

    ‘ define variables and COM objects
    dim ado_stream
    dim xml_dom
    dim xml_file1

    ‘ create Stream Object
    set ado_stream = Server.CreateObject(“ADODB.Stream”)
    ‘ create XMLDOM object and load it from request ASP object
    set xml_dom = Server.CreateObject(“MSXML2.DOMDocument”)
    ‘ retrieve XML node with binary content
    set xml_file1 = xml_dom.selectSingleNode(“root/file1”)

    ‘ open stream object and store XML node content into it
    ado_stream.Type = 1 ‘ 1=adTypeBinary
    ado_stream.Write xml_file1.nodeTypedValue
    ‘ save uploaded file
    ado_stream.SaveToFile “c:tmpupload1.doc”,2 ‘ 2=adSaveCreateOverWrite

    ‘ destroy COM object
    set ado_stream = Nothing
    set xml_dom = Nothing
    ‘ write message to browser
    Response.Write “Upload successful!”

    We can also use the ADO Stream to store the uploading file into a BLOB field of a database table. (See the related link for more information.)


    This strategy allows a file upload processing with several benefits:

    • It does not trigger a context switch on the client.
    • No custom ASP components are required.
    • We can use this strategy for multiple binary file upload in a single POST process.
    • This process is totally implemented into a SCRIPT code. We can easily insert this code into a script library since no HTML objects are required. We can also implement this algorithm (on the client-side) using any other language that supports the COM interface, such as Visual Basic (VB), Delphi, PowerBuilder, etc.

    Security and System Consideration

    We can use this solution only for an intranet application because it requires an IE5 security setting with low protection. We must:

    • enable script and activeX controls. This parameter allows the execution of the “myobj = new activexobject(…)” JScript statement;
    • enable access to data source through domain. This parameter allows the use of the Stream object on the client side.
      We must also install MS XML DOM 3.0 and MDAC 2.5 both on the client and server side.

    About the Author

    Marco Nanni is an Italian Web developer with experience in (D)HTML and XML technology used for implementing enterprise solutions.
    Marco can be contacted at: [email protected].

  • More by Author

    Must Read