  1. #1
    The Hiding One lynlimz's Avatar
    Join Date
    Jul 2000
    Location
    Singapore
    Posts
    2,103
    Hi,

    I am working on this web-based upload in PHP.
    I'm stuck at this current problem.

    How do I check file extensions and allow only certain types of files to be uploaded?

    So it'll forbid all files like .php to be uploaded. Even .php.php would be forbidden. (Just some trick I've seen people trying to beat the script.)

    Thanks.
    Any replies would be greatly appreciated.
    "Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world."
    -- Albert Einstein

  2. #2
    ********* wombat firepages's Avatar
    Join Date
    Jul 2000
    Location
    Perth Australia
    Posts
    1,717
    you could try something like..

    //where $uploaded is the name of the file input field (php adds the _name bit)//
    $ext=substr($uploaded_name,-3,3);

    //then wherever//
    if($ext!="txt" || $ext!="jpg"){ ... etc etc

    or along those lines anyway.

  3. #3
    The Hiding One lynlimz's Avatar
    Join Date
    Jul 2000
    Location
    Singapore
    Posts
    2,103
    Thanks! I'll give it a go.
    "Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world."
    -- Albert Einstein

  4. #4
    ********* Callithumpian silver trophy freakysid's Avatar
    Join Date
    Jun 2000
    Location
    Sydney, Australia
    Posts
    3,798
    You can additionally check the mime type of the uploaded file but this relies on the browser providing this info (I don't know which do/don't)

    $userfile_type
    or
    $HTTP_POST_FILES['userfile']['type']

    The mime type of the file, if the browser provided this information. An example would be "image/gif".

    Note that the "$userfile" part of the above variables is whatever the name of the INPUT field of TYPE=file is in the upload form. In the above upload form example, we chose to call it "userfile"

    http://www.php.net/manual/en/features.file-upload.php

  5. #5
    The Hiding One lynlimz's Avatar
    Join Date
    Jul 2000
    Location
    Singapore
    Posts
    2,103
    Cool.
    Thanks freaky. I thought about that. But I decided I didn't require that.

    I just need the ability to upload zip/exe and set a limit of 10 MB.

    The file size limit is set via the primary server config, so it's safe.

    I just want to make sure people cannot upload .php files for example, or .htaccess etc.
    "Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world."
    -- Albert Einstein

  6. #6
    The Hiding One lynlimz's Avatar
    Join Date
    Jul 2000
    Location
    Singapore
    Posts
    2,103
    Originally posted by firepages
    you could try something like..

    //where $uploaded is the name of the file input field (php adds the _name bit)//
    $ext=substr($uploaded_name,-3,3);

    //then wherever//
    if($ext!="txt" || $ext!="jpg"){ ... etc etc

    or along those lines anyway.
    btw.. these do not work... somehow..
    "Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world."
    -- Albert Einstein
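
An allowlist version of the extension check discussed in this thread, as an added example that is not part of any post: it compares the lower-cased final extension against the allowed set (so .php, .php.php and .htaccess are all refused), ignores the browser-supplied MIME type, and stores the file under a server-generated name so nothing from the client's file name except the checked extension reaches the disk. The field name `userfile` follows the manual excerpt in post #4 and the zip/exe list and 10 MB cap follow post #5; `allowed_extension`, `store_upload` and `/srv/uploads` are hypothetical names, and the upload directory is assumed to sit outside the web root.

```php
<?php
// Added example, not code from the thread.
const ALLOWED_EXT = ['zip', 'exe'];      // allowlist taken from post #5
const MAX_BYTES   = 10 * 1024 * 1024;    // 10 MB cap, also enforced here

// Return the lower-cased final extension if it is allowlisted, else null.
function allowed_extension(string $clientName): ?string
{
    // pathinfo() yields '' for "name" and "name.", and "htaccess" for ".htaccess"
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXT, true) ? $ext : null;
}

// Validate one $_FILES entry and move it into $uploadDir.
// Returns the stored file name, or null if the upload is rejected.
function store_upload(array $file, string $uploadDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;                      // incomplete or failed upload
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return null;                      // not a file PHP received via POST
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        return null;                      // measure the file, not the client's claim
    }
    $ext = allowed_extension($file['name']);
    if ($ext === null) {
        return null;                      // extension not on the allowlist
    }
    // Server-generated name: "report.php.zip" is stored as "<random>.zip"
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $ok = move_uploaded_file($file['tmp_name'], $uploadDir . '/' . $stored);
    return $ok ? $stored : null;
}

// Constructed sample names showing which ones pass the extension check.
$samples = ['tool.zip', 'Setup.EXE', 'a.php', 'a.php.php', '.htaccess',
            'report.php.zip', 'notes.zip.', 'noextension'];
foreach ($samples as $name) {
    printf("%-16s %s\n", $name, allowed_extension($name) ?? 'rejected');
}

// Handling a real request; "userfile" is the form field name.
if (isset($_FILES['userfile'])) {
    $stored = store_upload($_FILES['userfile'], '/srv/uploads');
    echo $stored === null ? "Upload rejected\n" : "Stored as $stored\n";
}
```

The check never consults `$_FILES['userfile']['type']`, since that value is supplied by the client along with the file name.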

