At 1:40 PM -0700 9/17/10, Catherine Madsen wrote:
Hi!
I have created a form following the PHP manual to upload files and need
to restrict the upload to only PDF. How do I check the file type
($_FILES['userfile']['type']?) and where: on the form page or on the
validation page? I want to be able to tell the users that their file
doesn't have the right format. Thank you very much for your help!
-snip-
Catherine
Catherine:
Two things:
First, you can't do anything to the file before you upload it. You
must have the file before you can test it.
Second, extensions can be bogus.
As such, I would recommend examining the contents of the file after
it has been uploaded. For example, if you examine a pdf file you will
find that most have "PDF" appearing within the first four bytes.
Likewise, jpeg files have "JFIF" appearing within the first 10 bytes
and gifs have "GIF" appearing as the first three bytes. Most files
have some indication of what they are in their headers.
Now, this does not mean that the file having the proper header
identification is guaranteed to be not something else, because it can
be something else. I have an example of a PNG file that is a
javascript script that can be run by simply loading it. It's very
interesting.
The programmer used a PNG generator to reduce the size of his script
to get it under the weight (size) restrictions of a contest. Very
imaginative, but it shows that sometimes things are not what they
claim to be.
Cheers,
tedd
--
-------
http://sperling.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
