Checking mime type for a file being uploaded

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
croniccoder
Forum Commoner
Posts: 27
Joined: Fri Jul 07, 2006 10:45 am

Checking mime type for a file being uploaded

Post by croniccoder »

I have php code to upload a file. I want to check the extension of the file being uploaded to only allow word or text documents to be uploaded. I'm using an if statement, but am not quit sure how to do it. The code below if what I have, but doesn't seem to work. If anyone has any input, I would greatly appreciate it!

Code: Select all

if ($_FILES['uploadedFile']['type'] == application/msword || $_FILES['uploadedFile']['type'] == text/plain)

thank you
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

First off, don't rely on the file name being correct nor the content-type provided to be correct either. Both are supplied by the submitting agent and both are easily faked.

Alarmism aside, your comparison should be made against a string. The current code you have would pit a constants division for the comparison; put quotes around "application/msword" and "text/plain."
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

Dont forget that MS Word files can have the MIME Type set as "application/vnd.ms-word" so you may want to allow that too :wink:
croniccoder
Forum Commoner
Posts: 27
Joined: Fri Jul 07, 2006 10:45 am

Post by croniccoder »

Pimptastic | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


So does it appear that this code should work then?

Code: Select all

if ($_FILES['uploadedFile']['type'] == "application/msword")
{
   if(move_uploaded_file($_FILES['uploadedFile']['tmp_name'], $target_path)) 
  {
       echo "The file ".  basename( $_FILES['uploadedFile']['name']). 
      " has been uploaded";
  } 
}
else
{
   echo "This file extension is incorrect";
}
In another words, if the file being uploaded is resume.dat, then the file should not be allowed to be uploaded.


Pimptastic | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

try it.

And please use

Code: Select all

tags
Post Reply