PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I am allowing files to be uploaded to my server, but I want to limit files being uploaded to only allow files with .txt extensions. I can print out the name of the file with:
So if I upload a file name "file.txt", that will be displayed if I print $file_name. How can i use the substr function to return part of a string after a "., meaning out of "file.txt", I only want to return the .txt portion?
Thank you all. I was able to get this working fine. I'm curious about something, I put in some print statements to test something. When using this web form:
this seem to automatically upload the file to a temporary directory on the server. I am checking the uploaded files extension to limit uploads to only .doc or .txt files. But I've noticed that when using:
$pieces = explode(".", $fileatt_name, 2);
if ($pieces[1] == "doc" || $pieces[1] == "txt")
{
// then process some stuff
works fine, but at this point the file is already uploaded to the server. Is there a way to get a files name (with it's extension) from the web form before it is ever uploaded?
I hope you realize that the file's name means little to what the file actually is. That being said, PHP alone cannot find out the file name before it is submitted. With some ajax communication and standard javascript, you can listen for the field being set by the user and transmit that data ahead of the submission.
Think of it this way: Couldn't I rename booger.php to something.gif? Yes. Does it change what the file actually was? No, it just changes the file name. It means nothing.
Guess the best way when allowing file uploads in PHP to ensure that nothing malicious is being uploaded is to run a virus scan on any file being uploaded?