php file upload, how to restrict file upload type

The below just uses the mime types to validate a file, then checks the size of both. For a list of most mime types see here or google.

    function allowed_file(){

        //Add the allowed mime-type files to an 'allowed' array
        $allowed = array('application/doc', 'application/pdf', 'another/type');

        //Check uploaded file type is in the above array (therefore valid)
        //Note: $_FILES[...]['type'] is the value sent by the browser
        if(in_array($_FILES['resume']['type'], $allowed) AND in_array($_FILES['reference']['type'], $allowed)){

            //If allowed filetypes are found, continue to check filesize:
            if($_FILES["resume"]["size"] < 400000 AND $_FILES["reference"]["size"] < 400000 ){

                //if both files are below given size limit, allow upload
                //Begin filemove here....
                return true;
            }
        }

        //Wrong type or too large: reject
        return false;
    }
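
The check above reads `$_FILES[...]['type']`, which is whatever the browser sent, and the comments further down show it differing between clients. As an added example (not code from the answer or the thread), here are the same two fields validated server-side with `finfo` and an extension allow-list; `validate_upload()`, the `ALLOWED` map and the `/var/uploads` path are assumptions, while the field names and the 400000-byte limit are the page's.

```php
<?php
// Added example, not from the original answer. validate_upload(), ALLOWED and
// /var/uploads are assumptions; field names and the size limit are the page's.
const MAX_BYTES = 400000;
const ALLOWED = [ // extension => MIME types accepted for that extension
    'pdf'  => ['application/pdf'],
    'doc'  => ['application/msword'],
    'docx' => ['application/vnd.openxmlformats-officedocument.wordprocessingml.document'],
];

// Returns a server-generated file name, or null if the upload is rejected.
function validate_upload(array $file): ?string
{
    // Reject missing, failed or multi-file (array-valued) uploads.
    if (!isset($file['error'], $file['tmp_name'], $file['name'], $file['size'])
        || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return null;
    }
    // 'size' is computed by PHP from the bytes received.
    if ($file['size'] === 0 || $file['size'] >= MAX_BYTES) {
        return null;
    }
    // The extension must be on the allow-list...
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return null;
    }
    // ...and the type sniffed from the content must agree with it.
    // Unlike $file['type'], this does not come from the browser.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED[$ext], true)) {
        return null;
    }
    // Never reuse the client's file name when storing the file.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

$names = [];
foreach (['resume', 'reference'] as $field) {
    $names[$field] = validate_upload($_FILES[$field] ?? []);
}
if (in_array(null, $names, true)) {
    http_response_code(400);
    exit('Both files must be PDF, DOC or DOCX and under 400000 bytes.');
}
foreach ($names as $field => $name) {
    // move_uploaded_file() refuses paths that are not genuine HTTP uploads.
    move_uploaded_file($_FILES[$field]['tmp_name'], '/var/uploads/' . $name);
}
```

The type libmagic reports for Office formats varies between versions, so test with real files and extend each extension's list deliberately. Keep the destination directory outside the web root so stored files are never served or executed directly.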
Author by

php_javascript_html_dev

Updated on February 23, 2020

Comments

  • php_javascript_html_dev about 4 years

    I have the following code to check if the resume and reference letter uploaded match the desired type (pdf OR doc OR docx) and size (less than 400 kb):

    //check file extension and size
             $resume= ($_FILES['resume']['name']); 
             $reference= ($_FILES['reference']['name']); 
             $ext = strrchr($resume, ".");
             $ext1 = strrchr($reference, ".");
            if (!(($_FILES["resume"]["type"] == "application/doc")
            || ($_FILES["resume"]["type"] == "application/docx")
            || ($_FILES["resume"]["type"] == "application/pdf" ))
             && (($_FILES["reference"]["type"] == "application/doc")
            || ($_FILES["reference"]["type"] == "application/docx")
            || ($_FILES["reference"]["type"] == "application/pdf"))
            && (($ext == ".pdf") || ($ext == ".doc") || ($ext == ".docx"))
            && (($ext1 == ".pdf") || ($ext1 == ".doc") || ($ext1 == ".docx"))
            &&  ($_FILES["resume"]["size"] < 400000) //accept upto 500 kb
            &&  ($_FILES["reference"]["size"] < 400000)) {  
    
    stop user } else { allow files to upload }
    

    This is not working as desired: it allows even txt files through and the size limit is not being checked. What is wrong with it?

    Thanks,

    • home over 12 years
      OMG, you should rewrite it instead of finding the bug :-) Start by creating a list of allowed mime-types and file endings, then check against this list...
  • Michael Garrison almost 12 years
    I realize this post is from last year but I ran into the same issue. I attempted the answer above but my doc and pdf test files do not pass in safari and chrome (haven't tested in ie or ff). Both files are well under the 400kb specified in the script above. I went to the link and got the correct mimes: application/msword (doc) | application/pdf (pdf) | and text/plain (txt). The only other thing I took out was the reference parts.
  • Michael Garrison almost 12 years
    Couldn't get it to work so I modified it a bit to work for me:

        //Add the allowed mime-type files to an 'allowed' array
        $allowed = array('doc', 'docx', 'txt', 'pdf');
        //Check uploaded file type is in the above array (therefore valid)
        if(in_array(pathinfo($_FILES['resume']['name'], PATHINFO_EXTENSION), $allowed)){
  • vertigoelectric over 8 years
    Even though this post is very old, just in case someone like me finds it trying to get help, I have relevant information to add. The $_FILES['whatever']['type'] value includes quotations, so for example it would be "application/pdf". Those quotations will need to be removed in order for the comparison to match with in_array. For example, in_array(str_replace('"','',$_FILES['whatever']['type']), $allowed)