I am working on code that allows a user to create a CSV (comma delimited) file in excel and upload it. However, I am running into problems with file type. On upload, I check that the MIME type of the file is text/plain. This works great when the file is uploaded from a computer that does not have Microsoft Excel. However, when the CSV file is uploaded from a computer with Excel, the MIME type is sent as application/octet stream. I am looking for suggestions on other secure ways to validate file types. Any help is appreciated.
Thanks
Validating file upload type (CSV)
Moderator: General Moderators
I would recommend mime types, but since that doesn't seem to be working the best way would probably be to get the last 3 characters in the filename and check them. An example:
Code: Select all
<?php
$filename = "example.txt";
$extension = substr($filename, -3); //returns "txt"
if ($extension == "txt")
{
//do upload
}
else
{
echo "Only .txt files are allowed";
}
?>