simplest way to restrict file type on image uploads

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
fariquzeli
Forum Contributor
Posts: 144
Joined: Mon Jun 24, 2002 9:16 am
Location: Chicago
Contact:

simplest way to restrict file type on image uploads

Post by fariquzeli »

I'm making a small app add-on to my shopping cart and i have a portion where users are allowed to upload an image. Now I only want them to be able to upload image files of 6 types:

gif jpg tif png pdf and eps

What's the easiest way to do this?
pootergeist
Forum Contributor
Posts: 273
Joined: Thu Feb 27, 2003 7:22 am
Location: UK

Post by pootergeist »

if(in_array(substr($_FILES['form_field_name']['name'],strrpos('.',$_FILES['form_field_name']['name'])),array('gif','tif','tiff','png','jpg','jpeg','pdf','eps')))

might need +1 on the strrpos bit

the second index return of getimagesize would have worked for gif/jpg/png/swf - returning 0 for all else

if(strpos($_FILES['form_field_name']['type'],'image') > -1)

would have worked if eps and pdf returned image in the mime headers - which I doubt they do.

--------------------

all above code flytyped late at night - ergo untested - conceptually sound though.
User avatar
evilmonkey
Forum Regular
Posts: 823
Joined: Sun Oct 06, 2002 1:24 pm
Location: Toronto, Canada

Post by evilmonkey »

[EDIT]: Hmm, looks like I'm two minutes too late :( . Oh well, it's a good reference. [/EDIT]

OOh, Oooh, I know! :lol:

What I think you want is to check the mime type of the uploaded file (a mime type look something like this: image/gif, or application/xzip, etc.). So you might want to do something like this:

Code: Select all

if ($_FILES['userfile']['type']=="image/gif" || $_FILES['userfile']['type']=="image/pjpeg" || || $_FILES['userfile']['type']=="image/png" || || $_FILES['userfile']['type']=="image/tiff" || || $_FILES['userfile']['type']=="image/pdf" || || $_FILES['userfile']['type']=="image/eps") {
//upload them}
else{
//give error message}
You might want to check into pdf, as it's not an image :)

BTW, ['userfile'] is the variable named in your HTML form:

Code: Select all

echo "<input type="file" name="userfile"><br>";
Good luck. :)
fariquzeli
Forum Contributor
Posts: 144
Joined: Mon Jun 24, 2002 9:16 am
Location: Chicago
Contact:

Post by fariquzeli »

I had originally set it up evil monkey's way but the problem is that I always get the error returned "invalid file type" (my programmed error) but when I echo out the variable $_FILES['picture']['type'] it echos out image/pjpeg just like it is supposed to.

Now I have that in the if statement but it still does this.

If I delete all the or's (put just the if ($_FILES['picture']['type'] !== "image/pjpeg") the script works fine.

Is there another way to code that part or do I have the formatting wrong? Here's the code:

Code: Select all

<?php
//check for proper fileTypes
if ($_FILES['picture']['type'] !== "image/gif" || $_FILES['picture']['type'] !== "image/pjpeg" || $_FILES['picture']['type'] !== "image/png" || $_FILES['picture']['type'] !== "image/tif" || $_FILES['picture']['type'] !== "application/postscript" || $_FILES['picture']['type'] !== "application/pdf") {
echo $_FILES['picture']['type'];
echo ("<center><font size='2'face='verdana,arial'color='red'><b>You entered an invalid file type, you may only upload .gif, .jpg, .eps, .pdf, .png, or .tif file formats.<br>");
echo ("<br><a href='javascript:history.back()'>Please Go Back</a> and upload a different file format.</b></font></center>");

?>
User avatar
evilmonkey
Forum Regular
Posts: 823
Joined: Sun Oct 06, 2002 1:24 pm
Location: Toronto, Canada

Post by evilmonkey »

From what I see you have a logic error. Translate this code into english: if the image is not a jpeg, or if it's not gif...(notice, if it's not a jpeg, it returns a false, and it's not a gif, it returns a false as well). My script checks for what they are, not for what they're not.

Another thig, there is not such thing as !==. You have either a == or a !=. If !== exists, i haven't seen it. Try changin it to !=, but I still reccommend my original way. Good luck.
fariquzeli
Forum Contributor
Posts: 144
Joined: Mon Jun 24, 2002 9:16 am
Location: Chicago
Contact:

Post by fariquzeli »

I see, I recoded it your way and it works fine.

Thanks :)
User avatar
evilmonkey
Forum Regular
Posts: 823
Joined: Sun Oct 06, 2002 1:24 pm
Location: Toronto, Canada

Post by evilmonkey »

No problem, glad to help!
Post Reply