Upload DOC or PDF using PHP
Don't use the ['type']
parameter to validate uploads. That field is user-provided, and can be trivially forged, allowing ANY type of file to be uploaded. The same goes for the ['name']
parameter - that's the name of the file as provided by the user. It is also trivial to forge, so the user's sending nastyvirus.exe
and calling it cutekittens.jpg
.
The proper method for validating uploads is to use server-side mime-type determination, e.g. via fileinfo, plus having proper upload success checking, which you do not:
if ($_FILES['file']['error'] !== UPLOAD_ERR_OK) {
die("Upload failed with error " . $_FILES['file']['error']);
}
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime = finfo_file($finfo, $_FILES['file']['tmp_name']);
$ok = false;
switch ($mime) {
case 'image/jpeg':
case 'application/pdf'
case etc....
$ok = true;
default:
die("Unknown/not permitted file type");
}
move_uploaded_file(...);
You are also using the user-provided filename as part of the final destination of the move_uploaded_files. it is also trivial to embed path data into that filename, which you then blindly use. That means a malicious remote user can scribble on ANY file on your server that they know the path for, plus plant new files.
how to upload pdf or doc or txt files in php
You need to amend your codes so that it will not check the image size and also allow DOC, DOCX and PDF files.
Hence, you need to change two blocks:
(1) Change the following block
$check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
if($check !== false) {
echo "File is an image - " . $check["mime"] . ".";
$uploadOk = 1;
} else {
echo "File is not an image.";
$uploadOk = 0;
}
to
$uploadOk = 1;
and (2) change the following
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
$uploadOk = 0;
}
to
if(
$imageFileType != "docx" &&
$imageFileType != "doc" && $imageFileType != "pdf" && $imageFileType != "txt" &&
$imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
echo "Sorry, only TXT, PDF, DOC, DOCX , JPG, JPEG, PNG & GIF files are allowed.";
$uploadOk = 0;
}
Please let us know whether it solves your problem.
Codes in how to upload pdf file using PHP
There is a lot of tutorials out there. This tutorial worked for me.
Step 1 – A basic user interface to select file
<form action="upload_file.php" method="post" enctype="multipart/form-data">
<input type="file" name="file" size="50" />
<br />
<input type="submit" value="Upload" />
</form>
Step 2 – Uploading file to server PHP script
<?php
$targetfolder = "testupload/";
$targetfolder = $targetfolder . basename( $_FILES['file']['name']) ;
if(move_uploaded_file($_FILES['file']['tmp_name'], $targetfolder))
{
echo "The file ". basename( $_FILES['file']['name']). " is uploaded";
}
else {
echo "Problem uploading file";
}
?>
Limiting the file types / Uploading images with PHP script
<?php
$targetfolder = "testupload/";
$targetfolder = $targetfolder . basename( $_FILES['file']['name']) ;
$ok=1;
$file_type=$_FILES['file']['type'];
if ($file_type=="application/pdf" || $file_type=="image/gif" || $file_type=="image/jpeg") {
if(move_uploaded_file($_FILES['file']['tmp_name'], $targetfolder))
{
echo "The file ". basename( $_FILES['file']['name']). " is uploaded";
}
else {
echo "Problem uploading file";
}
}
else {
echo "You may only upload PDFs, JPEGs or GIF files.<br>";
}
?>
upload only doc and pdf file in php
There are already some question about the same topic. I will post answer again, I guess...
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime = finfo_file($finfo, $_FILES['file']['TMP_NAME']);
switch ($mime) {
case 'image/jpeg':
case 'application/pdf':
case etc....:
default:
die("Unknown/not permitted file type");
}
Source: Upload DOC or PDF using PHP
upload doc, docx, pdf files on server using php
Try this....
you are miss 'enctype="multipart/form-data"' in your form
you are writing client-side code, all you need to know is use multipart/form-data when your form includes any elements.
http://www.faqs.org/rfcs/rfc1867.html
<?php
if($_POST['save'])
{
$target_dir = "media/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
if (file_exists($target_file))
{
echo "Sorry, file already exists.";
$uploadOk = 0;
}
if ($_FILES["fileToUpload"]["size"] > 500000)
{
echo "Sorry, your file is too large.";
$uploadOk = 0;
}
if($imageFileType != "doc" && $imageFileType != "docx" && $imageFileType != "pdf" )
{
echo "Sorry, only doc, docx, pdf";
$uploadOk = 0;
}
if ($uploadOk == 0)
{
echo "Sorry, your file was not uploaded.";
}
else
{
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file))
{
echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
}
else
{
echo "Sorry, there was an error uploading your file.";
}
}
}
?>
<p> </p>
<form class="form-horizontal" enctype="multipart/form-data" role="form" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="POST">
<input type="file" name="fileToUpload" id="fileToUpload">
<button type="submit" value="submit" name="save">Save</button>
</form>
uploading .docx files using php
Your if
statement checking mime types won't accept docx files.
See here for a list of mime types for MS Office files. In your case you need to allow application/vnd.openxmlformats-officedocument.wordprocessingml.document
as well.
May I suggest a minor refactor:
$allowedMimes = [
'application/pdf',
'application/msword',
'text/plain',
'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
];
if (in_array($_FILES['file']['type'], $allowedMimes)) {
// .. continue to upload
} else {
// show supported file types message
}
PHP fileUpload with Pdf/Docx Instead of Image
Basically, I just changed all $imagefileType
to $fileType
and it works!! I just skipped the image check as shown with the comment section below. Even not sure if it is needed for pdf/doc & docx unlike image. I appreciate If anyone provide additional information I skipped or it's already fine this way @bxN5 @Ravinder Reddy.
It's just simple as is.
<?php
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$fileType = pathinfo($target_file,PATHINFO_EXTENSION);
/*
if(isset($_POST["submit"])) {
$check = getfilesize($_FILES["fileToUpload"]["tmp_name"]);
if($check !== false) {
echo "File is an image - " . $check["mime"] . ".";
$uploadOk = 1;
} else {
echo "File is not an image.";
$uploadOk = 0;
}
}
*/
if (file_exists($target_file)) {
echo "Sorry, file already exists.";
$uploadOk = 0;
}
if ($_FILES["fileToUpload"]["size"] > 500000) {
echo "Sorry, your file is too large.";
$uploadOk = 0;
}
if($fileType != "pdf" && $fileType != "doc" && $fileType != "docx") {
echo "Sorry, only PDF, DOC & DOCX files are allowed.";
$uploadOk = 0;
}
if ($uploadOk == 0) {
echo "Sorry, your file was not uploaded.";
} else {
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
} else {
echo "Sorry, there was an error uploading your file.";
}
}
?>
How to upload only pdf files in PHP
What you want is HTML5 which has a file type selector used for the dialog box in the <input type="file" ... >
HTML code.
please see MDN documentation.
Example:
<input type="file" name="pdf" id="pdf" accept="application/pdf" >
From https://stackoverflow.com/a/7575533/3536236 Please note that due to the age of this answer they state "this is not widely accepted" but that is not so, input
accept
is now very widely accepted in HTML5 markup.
This is not a PHP issue as PHP can only play with the file once it's been uploaded. PHP should also check the file type once uploaded as the HTML accept can be duped.
To further clarify - PHP can not check the file that is to be uploaded before it is uploaded because PHP works on the server side only. Hence I suggest using HTML5 markup to select only files that (look like) PDFs, then once uploaded your PHP script can check the file type validity and then handle the outcomes.
PHP has no place in choosing the file before it is uploaded, that is entirely down to the end user browser and HTML.
Pdf or doc or docx file upload using php
Check mime types on http://www.freeformatter.com/mime-types-list.html and modify line:
if ($_FILES['filepdf']['type'] != "application/pdf") {
to:
if ($_FILES['filepdf']['type'] != "application/pdf" OR $_FILES['filepdf']['type'] != "typename2" OR $_FILES['filepdf']['type'] != "typename3) {
where typename is Your selected mimetypes eg. "application/msword" for .doc extension.
PHP Upload form, PDF, Doc & Docx
For docx
check this MIME type
application/vnd.openxmlformats-officedocument.wordprocessingml.document
EDIT :
Here's the code . You're missing parenthesis
<?php
$allowedExts = array("pdf", "doc", "docx");
$extension = end(explode(".", $_FILES["file"]["name"]));
if (($_FILES["file"]["type"] == "application/pdf") || ($_FILES["file"]["type"] == "application/msword") || ($_FILES["file"]["type"] == "application/vnd.openxmlformats-officedocument.wordprocessingml.document") && ($_FILES["file"]["size"] < 20000000) && in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Success";
}
}
Related Topics
"Web Interface" to PHPunit Tests
Sending Data Using Post in Python to PHP
How to Add a Watermark to an Existing PDF File Using PHP
Remove Zero Values from a PHP Array
Alternative to File_Get_Contents
Laravel Orm from Self Referencing Table Get N Level Hierarchy JSON
When to Wrap Curly Braces Around a Variable
Laravel 5 Socialite - Curl Error 77: Error Setting Certificate Verify Locations
Boolean Variables Posted Through Ajax Being Treated as Strings in Server Side
Send a JSON Object from Android to PHP Server with Post Method and Httpurlconnection
PHP Include(): File Size & Performance
Show Hide Div If, If Statement Is True
Why Is Type Hinting Necessary in PHP