SitePoint Sponsor |
|
User Tag List
Results 1 to 6 of 6
-
May 2, 2001, 01:41 #1
- Join Date
- Jul 2000
- Location
- Singapore
- Posts
- 2,103
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Hi,
I am working on this web-based upload in PHP.
I'm stuck at this current problem.
How do I check file extensions and allow only certain type of files being uploaded?
So it'll forbid all files like .php to be uploaded. even .php.php would be forbidden. (just some trick i've seen people trying to beat the script)
Thanks.
Any replies would be gretaly appreciated."Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world."
-- Albert Einstein
-
May 2, 2001, 03:34 #2
- Join Date
- Jul 2000
- Location
- Perth Australia
- Posts
- 1,717
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
you could try something like..
//where $uploaded is the name of the file input field (php adds the _name bit)//
$ext=substr($uploaded_name,-3,3);
//then wherever//
if($ext!="txt" || $ext!="jpg"){ ... etc etc
or along those lines anyway.
-
May 2, 2001, 03:52 #3
- Join Date
- Jul 2000
- Location
- Singapore
- Posts
- 2,103
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
thanks! i'll give it a go
"Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world."
-- Albert Einstein
-
May 2, 2001, 03:54 #4
- Join Date
- Jun 2000
- Location
- Sydney, Australia
- Posts
- 3,798
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
You can additionally check the mime type of the uploaded file but this relies on the browser providing this info (I don't know which do/don't)
$userfile_type
or
$HTTP_POST_FILES['userfile']['type']
The mime type of the file, if the browser provided this information. An example would be "image/gif".
Note that the "$userfile" part of the above variables is whatever the name of the INPUT field of TYPE=file is in the upload form. In the above upload form example, we chose to call it "userfile"
http://www.php.net/manual/en/features.file-upload.php
-
May 2, 2001, 05:03 #5
- Join Date
- Jul 2000
- Location
- Singapore
- Posts
- 2,103
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Cool.
Thanks freaky. I thought about that. But I decided I didn't require that.
I just need the ability to upload zip/exe and set a limit of 10 mb.
the file size limit is set via the primary server config, so its safe.
I just want to make sure people cannot upload .php files for example, or .htaccess etc."Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world."
-- Albert Einstein
-
May 2, 2001, 06:55 #6
- Join Date
- Jul 2000
- Location
- Singapore
- Posts
- 2,103
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Originally posted by firepages
you could try something like..
//where $uploaded is the name of the file input field (php adds the _name bit)//
$ext=substr($uploaded_name,-3,3);
//then wherever//
if($ext!="txt" || $ext!="jpg"){ ... etc etc
or along those lines anyway."Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world."
-- Albert Einstein
Bookmarks