Re: Checking file type when uploading

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



At 1:40 PM -0700 9/17/10, Catherine Madsen wrote:
Hi!

I have created a form following the PHP manual to upload files and need
to restrict the upload to only PDF.  How do I check the file type
($_FILES['userfile']['type']?) and where: on the form page or on the
validation page?  I want to be able to tell the users that their file
doesn't have the right format.  Thank you very much for your help!
-snip-
Catherine

Catherine:

Two things:

First, you can't do anything to the file before you upload it. You must have the file before you can test it.

Second, extensions can be bogus.

As such, I would recommend examining the contents of the file after it has been uploaded. For example, if you examine a pdf file you will find that most have "PDF" appearing within the first four bytes. Likewise, jpeg files have "JFIF" appearing within the first 10 bytes and gifs have "GIF" appearing as the first three bytes. Most files have some indication of what they are in their headers.

Now, this does not mean that the file having the proper header identification is guaranteed to be not something else, because it can be something else. I have an example of a PNG file that is a javascript script that can be run by simply loading it. It's very interesting.

The programmer used a PNG generator to reduce the size of his script to get it under the weight (size) restrictions of a contest. Very imaginative, but it shows that sometimes things are not what they claim to be.

Cheers,

tedd
--
-------
http://sperling.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux