  1. #1

    Need a bit of Upload script file type validation help...

    Was wondering if anyone could help me with the following script...
    I'm trying to only let .xls files be uploaded..
    I know my problem is around the line if (is_uploaded_file($file_array['tmp_name']!= $allowed_types)) But I'm not sure how to do what I'm trying to do... I just want to say if the file does not equal an allowed type then display the error ....
    Any suggestions would greatly be appreciated.

    $registered_types = array("application/msword" => ".doc", "application/" => ".xls, .XLS", "application/octet-stream" => ".exe, .fla (etc)");

    $allowed_types = array("application/");

    $file_dir = "/hsphere/local/home/mysite/downloads";

    foreach($_FILES as $file_name => $file_array) {

        if (is_uploaded_file($file_array['tmp_name']!= $allowed_types)) {
            $error .= "\n<li>The file that you uploaded was of a type that is not allowed, you are only allowed to upload files of the type:\n<ul>";
            // List every allowed type; next() advances the array pointer so the loop ends
            while ($type = current($allowed_types)) {
                $error .= "\n<li>" . $registered_types[$type] . " (" . $type . ")</li>";
                next($allowed_types);
            }
            $error .= "\n</ul>";
        }

        if (is_uploaded_file($file_array['tmp_name'])) {
            move_uploaded_file($file_array['tmp_name'], "$file_dir/$file_array[name]") or die ("\nCurrently unable to connect, please check with your system administrator, check the path to and the permissions for the upload directory\n");

            echo "<div class=\"Instructions\">".$file_array['name']."<br>has been uploaded to the Current Price List directory.</div>";
        }
    }
    print "\n<form ENCTYPE=\"multipart/form-data\" action=\"" . $PHP_SELF . "\" method=\"post\">";
    print "\n<INPUT TYPE=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"" . $my_max_file_size . "\">";
    print "\n<INPUT TYPE=\"hidden\" name=\"task\" value=\"upload\">";
    print "\n<P class=\"quote\"><b>Upload Price List</b><br>";
    print "\n<br><INPUT NAME=\"the_file\" TYPE=\"file\" SIZE=\"25\" class=\"formSubmit\"><br>";
    print "\n<input type=\"submit\" Value=\"Upload\" class=\"formSubmit\">";
    print "\n</form>";

  2. #2
    Check this simple upload script

    (I was not allowed to post external URLs as I have few posts. But check the site at my signature and there is a PHP file upload tutorial.)

    Using this type of script I have used this code to check all MS office files ...

    if (!($userfile_type =="application/msword" OR $userfile_type =="application/" OR $userfile_type=="application/" OR $userfile_type=="image/pjpeg" OR $userfile_type=="image/gif")){$msg=$msg."Your uploaded file must be of MS-WORD, MS-Excel,MS-PowerPoint,JPG or GIF. Other file types are not allowed. Your file type is $userfile_type<BR>";}

    Here the code will allow gif and jpg also.


  3. #3
    You should differentiate between needing to validate the actual file type, or just the extension. Just validating the extension is easier (strrchr) and in most cases is all you need.

    If you are only allowing images to be uploaded, for example, and then you display those images... if someone uploads a .exe with a .jpg extension, the image will just show up as a broken image. It won't execute code or anything crazy like that.
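
Added example, not part of the thread and not any poster's code: the two checks post #3 distinguishes, applied to the .xls case from post #1. The function name `check_xls_upload`, the helper `make_sample` and the sample files are hypothetical and constructed; the browser-supplied `$_FILES[...]['type']` value is not consulted because the client sets it.

```php
<?php
// First 8 bytes of an OLE2 compound file, the container used by legacy .xls.
// The same container is used by .doc and .ppt, so this proves "Office-style
// binary document", not specifically "Excel workbook".
const OLE2_MAGIC = "\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1";

// Returns null when the upload passes both checks, otherwise a reason string.
// $clientName is $_FILES[...]['name'], $tmpPath is $_FILES[...]['tmp_name'].
function check_xls_upload(string $clientName, string $tmpPath): ?string
{
    // Extension check with strrchr, case-insensitive (.xls and .XLS).
    $ext = strtolower((string) strrchr($clientName, '.'));
    if ($ext !== '.xls') {
        return 'extension not allowed';
    }
    // Content check: read the header from the file the server received.
    $fh = fopen($tmpPath, 'rb');
    if ($fh === false) {
        return 'cannot read upload';
    }
    $head = fread($fh, 8);
    fclose($fh);
    if ($head !== OLE2_MAGIC) {
        return 'content is not an OLE2 (.xls) file';
    }
    return null;
}

// Constructed sample input: a temp file standing in for tmp_name.
function make_sample(string $bytes): string
{
    $path = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($path, $bytes);
    return $path;
}

$xls = OLE2_MAGIC . str_repeat("\0", 504);   // constructed OLE2 header
$exe = "MZ" . str_repeat("\0", 62);          // constructed non-OLE2 header
$samples = [
    ['prices.xls',  make_sample($xls)],
    ['prices.XLS',  make_sample($xls)],
    ['tool.exe',    make_sample($exe)],
    ['renamed.xls', make_sample($exe)],      // right extension, wrong content
];
foreach ($samples as [$name, $path]) {
    echo $name, ': ', check_xls_upload($name, $path) ?? 'accepted', "\n";
    unlink($path);
}
```

In an upload handler the call would sit between `is_uploaded_file()` and `move_uploaded_file()`, so a rejected file is never moved into the download directory.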