Page 1 of 1
Checking mime type for a file being uploaded
Posted: Fri Jul 07, 2006 10:51 am
by croniccoder
I have php code to upload a file. I want to check the extension of the file being uploaded to only allow word or text documents to be uploaded. I'm using an if statement, but am not quit sure how to do it. The code below if what I have, but doesn't seem to work. If anyone has any input, I would greatly appreciate it!
Code: Select all
if ($_FILES['uploadedFile']['type'] == application/msword || $_FILES['uploadedFile']['type'] == text/plain)
thank you
Posted: Fri Jul 07, 2006 11:04 am
by feyd
First off, don't rely on the file name being correct nor the content-type provided to be correct either. Both are supplied by the submitting agent and both are easily faked.
Alarmism aside, your comparison should be made against a string. The current code you have would pit a constants division for the comparison; put quotes around "application/msword" and "text/plain."
Posted: Fri Jul 07, 2006 11:09 am
by JayBird
Dont forget that MS Word files can have the MIME Type set as "application/vnd.ms-word" so you may want to allow that too

Posted: Fri Jul 07, 2006 11:19 am
by croniccoder
Pimptastic | Please use Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
So does it appear that this code should work then?
Code: Select all
if ($_FILES['uploadedFile']['type'] == "application/msword")
{
if(move_uploaded_file($_FILES['uploadedFile']['tmp_name'], $target_path))
{
echo "The file ". basename( $_FILES['uploadedFile']['name']).
" has been uploaded";
}
}
else
{
echo "This file extension is incorrect";
}
In another words, if the file being uploaded is resume.dat, then the file should not be allowed to be uploaded.
Pimptastic | Please use Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Posted: Fri Jul 07, 2006 11:20 am
by JayBird