Chapter 51: ASP FileSystem
1. What is FileSystemObject (FSO)?
FileSystemObject is a COM component (ActiveX object) that lets your Classic ASP code talk to the Windows file system — read/write files, create/delete folders, check existence, get properties, etc.
It is not built into VBScript itself — you must create it with:
asp
|
0 1 2 3 4 5 6 |
Set fso = Server.CreateObject("Scripting.FileSystemObject") |
Key facts:
- ProgID = “Scripting.FileSystemObject”
- Comes free with Windows (installed by default on IIS servers)
- Very powerful → can read/write any file the IIS user (usually IUSR or NETWORK SERVICE) has permission to access
- Extremely dangerous if not locked down — many classic ASP sites were hacked because of open file upload + FSO write access
2. The Main Objects You Get from FileSystemObject
When you do Server.CreateObject(“Scripting.FileSystemObject”), you get an FSO object with these main methods/properties:
| Method / Property of FSO | What it does | Returns | Real-world frequency |
|---|---|---|---|
| fso.FileExists(path) | Check if file exists | Boolean | ★★★★★ |
| fso.FolderExists(path) | Check if folder exists | Boolean | ★★★★☆ |
| fso.CreateTextFile(path) | Create/open text file for writing | TextStream object | ★★★★☆ |
| fso.OpenTextFile(path, mode) | Open text file for reading/writing/appending | TextStream object | ★★★★★ |
| fso.GetFile(path) | Get File object (size, date, name, etc.) | File object | ★★★☆☆ |
| fso.GetFolder(path) | Get Folder object (subfolders, files, size) | Folder object | ★★★☆☆ |
| fso.CopyFile(source, dest) | Copy file | — | ★★☆☆☆ |
| fso.DeleteFile(path) | Delete file | — | ★★☆☆☆ |
| fso.MoveFile(source, dest) | Move/rename file | — | ★★☆☆☆ |
TextStream object (from OpenTextFile or CreateTextFile) has:
- .ReadAll — read entire file as string
- .ReadLine — read one line
- .Write / .WriteLine — write text
- .Close — always close when done
3. Basic Example 1 – Read & Display a Text File
asp
|
0 1 2 3 4 5 6 |
<%@ Language=VBScript %> <% Option Explicit %> <!DOCTYPE html> <html> <body> <h2>Read Text File with FileSystemObject</h2> <% Dim fso, file, path, content Set fso = Server.CreateObject("Scripting.FileSystemObject") ' Convert virtual path → physical path path = Server.MapPath("data/welcome.txt") If fso.FileExists(path) Then Set file = fso.OpenTextFile(path, 1) ' 1 = ForReading content = file.ReadAll file.Close ' Safe output Response.Write "<pre>" & Server.HTMLEncode(content) & "</pre>" Else Response.Write "<p style='color:red;'>File not found: " & Server.HTMLEncode(path) & "</p>" End If Set file = Nothing Set fso = Nothing %> </body> </html> |
welcome.txt (in /data folder):
text
|
0 1 2 3 4 5 6 7 8 |
Welcome to our site! Last updated: February 2026 Visit count: 1,234 |
→ Browser shows the file content safely escaped.
4. Example 2 – Write Log File (Very Common Pattern)
asp
|
0 1 2 3 4 5 6 |
<% Dim fso, logFile, logPath, logMessage logMessage = Now() & " - User " & Request.ServerVariables("REMOTE_ADDR") & " visited page." Set fso = Server.CreateObject("Scripting.FileSystemObject") logPath = Server.MapPath("logs/visits.log") ' Append mode = 8 Set logFile = fso.OpenTextFile(logPath, 8, True) ' True = create if not exists logFile.WriteLine logMessage logFile.Close Set logFile = Nothing Set fso = Nothing %> |
→ Every page visit appends a line to logs/visits.log — very typical for simple analytics.
5. Example 3 – Create Folder if Not Exists + Write File
asp
|
0 1 2 3 4 5 6 |
<% Dim fso, folderPath, filePath Set fso = Server.CreateObject("Scripting.FileSystemObject") folderPath = Server.MapPath("uploads/reports/" & Year(Now()) & "/" & Month(Now())) If Not fso.FolderExists(folderPath) Then fso.CreateFolder(folderPath) End If filePath = folderPath & "\report_" & Day(Now()) & ".txt" Dim file Set file = fso.CreateTextFile(filePath, True) file.WriteLine "Daily report generated at " & Now() file.Close Response.Write "<p>Report saved to: " & Server.HTMLEncode(filePath) & "</p>" Set file = Nothing Set fso = Nothing %> |
6. Security & Best Practice Warnings (Critical in 2026)
- Never allow FSO to write to folders where users can upload files — classic ASP sites were hacked constantly because of this
- Disable FSO write access in IIS if possible (many hosts block it by default now)
- Never expose physical paths to users (Server.MapPath result)
- Always use Server.MapPath — never hard-code C:\inetpub\…
- Use On Error Resume Next around FSO calls + check Err.Number
- Close files immediately — file.Close + Set file = Nothing
- Log FSO errors — many sites crashed silently because disk was full
7. Teacher Summary – ASP FileSystemObject in Classic ASP
ASP FileSystemObject (Scripting.FileSystemObject) means:
- COM object created with Server.CreateObject(“Scripting.FileSystemObject”)
- Lets ASP code read/write files, create/delete folders, get file/folder info
- Most used methods: FileExists, FolderExists, OpenTextFile, CreateTextFile, GetFile, GetFolder
- Returns TextStream for read/write text, File/Folder objects for properties
- Very powerful — and very dangerous if write access is not locked down
- Always use Server.MapPath for paths
- AlwaysServer.HTMLEncode output from files
- Always close files and set objects to Nothing
This is how millions of Classic ASP sites read config files, wrote logs, generated reports, processed uploads, and more — and many legacy Indian systems still use exactly this FileSystemObject pattern in 2026.
Next class?
- Want a full example combining FSO + upload form + save file?
- Or how to read CSV line by line with TextStream?
- Or secure FSO usage (permissions, blocking)?
- Or move to the next W3Schools topic (ASP TextStream or ASP Cookies)?
Just tell me — I’m here! 🚀🇮🇳 Keep learning strong, Webliance! 😊
