Restricting file upload to .jpg

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
andylyon87
Forum Contributor
Posts: 168
Joined: Sat Jan 31, 2004 5:31 am
Location: Dundee

Restricting file upload to .jpg

Post by andylyon87 »

I have built a file upload for a client and find that the form I have used uploads both jpg and JPG extensions, however they are then all displayed as jpg.

Is there any way of limiting the file extension to jpg so others will not be uploaded by mistake.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

why would you do that? Just copy the file into .jpg .. :?
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

When you upload an image, it's mimetype will be stored in the $_FILES['whatever your form element was']['type']. Parse that to determine the filetype.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

just to note, the file-type sent can be faked into being "proper" .. therefore, I always suggest parsing the file itself. getimagesize() can tell you what type an image is most of the time.. (some variants of JPEG are unknown to it however)
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

Ah - I new getimagesize would always work, but figured if it's already done when you upload the file, why bother. I wasn't aware it could be spoofed. Good to know.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
andylyon87
Forum Contributor
Posts: 168
Joined: Sat Jan 31, 2004 5:31 am
Location: Dundee

Post by andylyon87 »

err well sorry to dig up old posts, but my problem is the way in which the form works, I'll prob use $_File[][type]

would this work with

Code: Select all

if($_Fileї$upload]ї.jpg]){
perform upload
}else{
echo &quote;file extension must be .jpg&quote;;
}
thanks andy
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

you cannot rely on the type sent to be accurate, as it's coming from the user. You really need to check if the file is a valid image.
andylyon87
Forum Contributor
Posts: 168
Joined: Sat Jan 31, 2004 5:31 am
Location: Dundee

Post by andylyon87 »

well how would I go about checking the extension and whether it is jpg or JPG is getfilesize() case sensitive it just comes back with a number for a jpeg image not the case of the image.
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

why does the case matter?
andylyon87
Forum Contributor
Posts: 168
Joined: Sat Jan 31, 2004 5:31 am
Location: Dundee

Post by andylyon87 »

basically what happens is that the user uploads the images, but the extension of the thumbnail has to be the same as the actual image. My client is uploading the thumbnails as .jpg which is great but is uploading the photos as a mess between .JPG and .jpg and the page that reads the files is designed to only read .jpg .This is to save my client time when he chooses which images to put in the gallery he has on his site.

So he uploads an image into a thumbnails folder
He then uploads the corresponding image to the correct gallery folder
He then types the order he would like the images to show into a form and then these are read from a txt file
The files are typed into the form as a filename and the extension .jpg is added to the names.
These names are then read from the file in the gallery
When the user clicks an image it takes him to the correct image, which has to be .jpg
Post Reply