Page 1 of 1
Returning part of a string
Posted: Mon Jul 24, 2006 8:47 am
by croniccoder
I am allowing files to be uploaded to my server, but I want to limit files being uploaded to only allow files with .txt extensions. I can print out the name of the file with:
Code: Select all
$file_name = $_FILES['uploadedFile']['name'];
So if I upload a file name "file.txt", that will be displayed if I print $file_name. How can i use the
substr function to return part of a string after a "
., meaning out of "file.txt", I only want to return the
.txt portion?
thank you
Posted: Mon Jul 24, 2006 8:56 am
by neophyte
Look at
substr().
BTW: Looking at the extension of a file name doesn't prove that it is a txt file.
Posted: Mon Jul 24, 2006 8:57 am
by JayBird
Code: Select all
if(preg_match("/\\.(txt)$/i", $fileName))
// file allowed
else
// file not allowed
Posted: Mon Jul 24, 2006 8:58 am
by croniccoder
I did look at substr(). What I want is to be able to get the part of the string that occurs after the period "." though.
I know in Java there is a split() method, but I'm not sure how to do it in PHP.
Posted: Mon Jul 24, 2006 9:00 am
by JayBird
croniccoder wrote:I did look at substr(). What I want is to be able to get the part of the string that occurs after the period "." though.
I know in Java there is a split() method, but I'm not sure how to do it in PHP.
split() could be used, but what if the file was called my.text.file.txt
substr() could be used, but dont forget some files can have four character extensions
Posted: Mon Jul 24, 2006 9:21 am
by jamiel
Code: Select all
function getExtension($filename)
{
return (substr($filename, strrpos($filename, '.')));
}
echo getExtension('foo.bar.txt');
Output: .txt
Posted: Mon Jul 24, 2006 9:29 am
by feyd
be careful with using
split() as it's a ereg based function.
explode() is often better.
Posted: Mon Jul 24, 2006 2:04 pm
by croniccoder
Thank you all. I was able to get this working fine. I'm curious about something, I put in some print statements to test something. When using this web form:
Code: Select all
<input name="uploadedFile" type="file">
Code: Select all
$fileatt_name = $_FILES['uploadedFile']['name'];
this seem to automatically upload the file to a temporary directory on the server. I am checking the uploaded files extension to limit uploads to only .doc or .txt files. But I've noticed that when using:
Code: Select all
$pieces = explode(".", $fileatt_name, 2);
if ($pieces[1] == "doc" || $pieces[1] == "txt")
{
// then process some stuff
works fine, but at this point the file is already uploaded to the server. Is there a way to get a files name (with it's extension) from the web form before it is ever uploaded?
Posted: Mon Jul 24, 2006 2:18 pm
by feyd
I hope you realize that the file's name means little to what the file actually is. That being said, PHP alone cannot find out the file name before it is submitted. With some ajax communication and standard javascript, you can listen for the field being set by the user and transmit that data ahead of the submission.
Posted: Mon Jul 24, 2006 2:27 pm
by croniccoder
feyd,
So a file such as resume.doc or resume.txt could actually be a virus (meaning a file with only one extension)?
Posted: Mon Jul 24, 2006 2:37 pm
by feyd
Think of it this way: Couldn't I rename booger.php to something.gif? Yes. Does it change what the file actually was? No, it just changes the file name. It means nothing.
Posted: Mon Jul 24, 2006 2:46 pm
by croniccoder
Thank you for your input.
Guess the best way when allowing file uploads in PHP to ensure that nothing malicious is being uploaded is to run a virus scan on any file being uploaded?