Check File Extension in Upload Form in PHP

Check file extension in upload form in PHP

Using if( $ext !== 'gif') might not be efficient. What if you allow like 20 different extensions?

Try:

$allowed = array('gif', 'png', 'jpg');
$filename = $_FILES['video_file']['name'];
$ext = pathinfo($filename, PATHINFO_EXTENSION);
if (!in_array($ext, $allowed)) {
    echo 'error';
}

How to check uploaded file type in PHP

Never use $_FILES..['type']. The information contained in it is not verified at all, it's a user-defined value. Test the type yourself. For images, exif_imagetype is usually a good choice:

$allowedTypes = array(IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_GIF);
$detectedType = exif_imagetype($_FILES['fupload']['tmp_name']);
$error = !in_array($detectedType, $allowedTypes);

Alternatively, the finfo functions are great, if your server supports them.

Check file extension before submitting the form to PHP

<script>
function checkExt(){
    var allowedFiles = [".pdf"];
    var form_valid = document.getElementById("fileToUpload");
    var regex = new RegExp("([a-zA-Z0-9\s_\\.\-:])+(" + allowedFiles.join('|') + ")$");
    if (!regex.test(form_valid.value.toLowerCase())) {
        alert('only PDF are allowed');
        return false;
    }
    return true;
}
</script>

How can I check uploaded files extension?

If you run on your server(s) linux I would check the file content type with the command file that returns the real mime type of the file. Than you can be sure what that content is (in most cases).

That programm uses that magic bytes. The orginal idea is to check the first view bytes and check if a file contains a known pattern, e.g. "MZ" for windows executables or "‰PNG" for png files. However that file programm does also some more things than only the basic set of the first view bytes.

Depending on the comments, you are concerned about wrong, e.g. double file extensions. I would say don't think about it and just rename that file, in best case with some random name. That could be also helpful if you worry about that somebody just counts up some file numbers to see unpublished images.

How to get a file's extension in PHP?

People from other scripting languages always think theirs is better because they have a built-in function to do that and not PHP (I am looking at Pythonistas right now :-)).

In fact, it does exist, but few people know it. Meet pathinfo():

$ext = pathinfo($filename, PATHINFO_EXTENSION);

This is fast and built-in. pathinfo() can give you other information, such as canonical path, depending on the constant you pass to it.

Remember that if you want to be able to deal with non ASCII characters, you need to set the locale first. E.G:

setlocale(LC_ALL,'en_US.UTF-8');

Also, note this doesn't take into consideration the file content or mime-type, you only get the extension. But it's what you asked for.

Lastly, note that this works only for a file path, not a URL resources path, which is covered using PARSE_URL.

Enjoy

PHP Upload with file type and size check

This answer provides the solution to check size before uploading to data to the server. This makes sense. If you do a client check, you can eliminate unnecessary posts to your server. A sanity check on the server remains necessary, JavaScript code on the client can be altered. The other answers provide explanation on how to improve your server side code.

var mimeTypes = [
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document", //docx
    "application/pdf", //pdf
    "application/msword", //doc
    "rtf;application/rtf", //rtf
    "rtf;application/x-rtf",
    "rtf;text/richtext",
    "application/vnd.oasis.opendocument.text" //odt
    ]

function readFiles(files)
{
    var iMax = files.length;
    var sum = "";
    var max = 2097152;
    for (var i = 0; i < iMax; i++) 
    {
        var fileType = files[i].type;
        var fileSize = files[i].size;
        sum += parseInt(fileSize);

        if (mimeTypes.indexOf(files[i].type) == -1)
        {   
            alert("Invalid file selected");
            return false;
        }
    }
    if (sum > max)
    {
        alert("Total file size exceeds maximum upload size.");
        return false;
    }

    return true;
}
document.getElementById("form").querySelector("input[type='file']").addEventListener("change", readFiles, false);

readFiles fires whenever a change event is fired on the file input. In browsers supporting HTML5 input elements you can read out the file type and file size property. They are inherited from the Blob object. You can even pass the file to a FileReader object allowing you to read the contents of the file.

Bug in IE 10, 11. On IE10 and 11 there is a bug present that returns an empty string on file-type when used on images. You can work around this by checking the extension.

Check Uploaded File Extension on PHP Form

Got the answer. The .errors variable was conflicting with another one earlier in the form. So, it was not validating the error. Got it working. Thanks!


Related Topics

PHP: Exceptions VS Errors

Edit Pdf En PHP

How to Get the Base Url With PHP

Submitting a Multidimensional Array Via Post With PHP

PHP: Custom Error Handler - Handling Parse & Fatal Errors

Encrypt and Decrypt Text With Rsa in PHP

PHP Curl and Cookies

Pass JavaScript Array -≫ PHP

Checking If Date Is Weekend PHP

Get Raw Post Data

PHP: How to Get All Possible Combinations of 1D Array

Is There a PHP Function Like Python'S Zip

Truncate a Multibyte String to N Chars

What Is Thread Safe or Non-Thread Safe in PHP

What's the Use of Ob_Start() in PHP

How to Post Json to PHP With Curl

Woocommerce, Get Current Product Id

Get the Client Ip Address Using PHP


Leave a reply



Submit