SitePoint Sponsor

User Tag List

Results 1 to 11 of 11
  1. #1
    SitePoint Wizard Anat's Avatar
    Join Date
    Oct 2000
    Posts
    1,281
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Limiting file type to be uploaded through a form

    I want to provide my users a form through which they can upload a picture. I will use the <input type="file"> tag in the form.

    The thing is I only want them to be able to upload jpg's or gif's but not other types of files. How can I limit their upload possibilities.

    I don't want to just tell them - I don't want them to upload any virus files or anything else harmful.

    Any advice is welcome!
    My Web Publishing Blog: B6S.net - I dofollow but don't spam!
    Follow me on Twitter
    My favorite content writer:
    Steve Snedeker

  2. #2
    Web-coding NINJA! silver trophy beetle's Avatar
    Join Date
    Jul 2002
    Location
    Dallas, TX
    Posts
    2,900
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Do you want to do this check client-side, or server-side?
    beetle a.k.a. Peter Bailey
    blogs: php | prophp | security | design | zen | software
    refs: dhtml | gecko | prototype | phpdocs | unicode | charsets
    tools: ide | ftp | regex | ffdev




  3. #3
    ☆★☆★ silver trophy vgarcia's Avatar
    Join Date
    Jan 2002
    Location
    in transition
    Posts
    21,235
    Mentioned
    1 Post(s)
    Tagged
    1 Thread(s)
    You can limit the file types submitted in your server-side script. Just look for the file name's extension. I'll give you an example here in ASP (imagine "UploadedFileName" is the name of the file sent to you via form):
    [vbs]
    <%
    '** in this example they can only send jpegs
    If InStr(UploadedFileName, ".jpg") < (len(UploadedFileName) - 4) Then
    response.redirect("YouTriedToSendMeAVirus.asp")
    End If
    %>
    [/vbs]

    Hope this helps!

    --Vinnie

  4. #4
    Web-coding NINJA! silver trophy beetle's Avatar
    Join Date
    Jul 2002
    Location
    Dallas, TX
    Posts
    2,900
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well, since vgarcia covered the server-side, I'll show you the client side. First, download fValidate. Then, your page would look something like this
    Code:
    <html>
    <head>
    <title>whatever</title>
    <script type="text/javascript" src="fValConfig.js"></script>
    <script type="text/javascript" src="fValidate.js"></script>
    </head>
    <body>
    <form onsubmit="return validateForm(this,0,1,0,0);">
    <input type="file" name="File" alt="file|jpg|0" />
    <br />
    <input type="submit" name="Submit" />
    </form>
    </body>
    </html>
    fValidate is a form validation API developed and maintained by myself. If you have any questions regarding it's implementation, just contace me at the website
    beetle a.k.a. Peter Bailey
    blogs: php | prophp | security | design | zen | software
    refs: dhtml | gecko | prototype | phpdocs | unicode | charsets
    tools: ide | ftp | regex | ffdev




  5. #5
    SitePoint Wizard Anat's Avatar
    Join Date
    Oct 2000
    Posts
    1,281
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Is there any way to do this without any PHP or ASP? Maybe some easy javascript. I don't know about server-side or client-side ... not sure what this means.

    I am going to use a javascript to make sure other fields in the form are filled in. I think I'll use this script -
    http://www.creativeprogrammers.com/d...alidation.html

    I wonder if something can be added to it to validate the uploaded extention files...
    My Web Publishing Blog: B6S.net - I dofollow but don't spam!
    Follow me on Twitter
    My favorite content writer:
    Steve Snedeker

  6. #6
    SitePoint Wizard Anat's Avatar
    Join Date
    Oct 2000
    Posts
    1,281
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Oops - looks like we posted at the same time I think this is what I've been looking for! Thanks!
    My Web Publishing Blog: B6S.net - I dofollow but don't spam!
    Follow me on Twitter
    My favorite content writer:
    Steve Snedeker

  7. #7
    gingham dress, army boots... silver trophy redux's Avatar
    Join Date
    Apr 2002
    Location
    Salford / Manchester / UK
    Posts
    4,838
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by Anat
    Is there any way to do this without any PHP or ASP? Maybe some easy javascript. I don't know about server-side or client-side ...
    so, if you're not using any server-side scripting, how do you handle the file uploads ?
    re·dux (adj.): brought back; returned. used postpositively
    [latin : re-, re- + dux, leader; see duke.]
    WaSP Accessibility Task Force Member
    splintered.co.uk | photographia.co.uk | redux.deviantart.com

  8. #8
    SitePoint Wizard Bill Posters's Avatar
    Join Date
    Dec 2001
    Location
    UK
    Posts
    1,523
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What potential is there for using the accept attribute of the file type input?

    A comma-separated list of MIME types that indicates the MIME type of the file transfer.
    Code:
    accept="image/gif,image/jpeg"
    I've not use it myself nor knowingly seen it in use.
    All I know about it is what is presented in the X/HTML spec sheets.
    New Plastic Arts: Visual Communication | DesignateOnline

    Mate went to NY and all he got me was this lousy signature

  9. #9
    ☆★☆★ silver trophy vgarcia's Avatar
    Join Date
    Jan 2002
    Location
    in transition
    Posts
    21,235
    Mentioned
    1 Post(s)
    Tagged
    1 Thread(s)
    Originally posted by Bill Posters
    What potential is there for using the accept attribute of the file type input?

    A comma-separated list of MIME types that indicates the MIME type of the file transfer.
    Code:
    accept="image/gif,image/jpeg"
    I've not use it myself nor knowingly seen it in use.
    All I know about it is what is presented in the X/HTML spec sheets.
    I'm not sure if it's supported (in the browsers) so I check on the server. Also helps if javascript is disabled.

    --Vinnie

  10. #10
    gingham dress, army boots... silver trophy redux's Avatar
    Join Date
    Apr 2002
    Location
    Salford / Manchester / UK
    Posts
    4,838
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by Bill Posters
    What potential is there for using the accept attribute of the file type input?

    A comma-separated list of MIME types that indicates the MIME type of the file transfer.
    Code:
    accept="image/gif,image/jpeg"
    I've not use it myself nor knowingly seen it in use.
    All I know about it is what is presented in the X/HTML spec sheets.
    a malicious user could quite easily make his/her own version of the html form with the accept clause removed (provided this is actually supported/enforced by the browser in the first place). in this case, it would probably be necessary to check the referer on the receiving end, just to ensure that it's not a doctored form...in which case you may just as well check for filetypes...

    all this imho, of course
    re·dux (adj.): brought back; returned. used postpositively
    [latin : re-, re- + dux, leader; see duke.]
    WaSP Accessibility Task Force Member
    splintered.co.uk | photographia.co.uk | redux.deviantart.com

  11. #11
    SitePoint Zealot
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    108
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    help with upload cap?

    hello could anyone hello me with this my host has a post cap of 8 mb , and upload cap of 25mb ,this is set in the php ini, and the won't change it , So current they can only upload 8megs, is the and way or example of script, where my cleints and use the full 25 megs amount, by not being capped at 8 megs: I don't want them to have to use a ftp cleint?? Please help any tips or example would be great.....


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •