/    Sign up×
Community /Pin to ProfileBookmark

check file extension

Copy linkTweet thisAlerts:
Sep 22.2009

I’m not very good with PHP,
trying to add a little validation to my formmail script to only allow certain file extensions to be uploaded, using the script below, but even when uploading a file type thats on the whitelist, its executing the echo, can anyone tell me why?

[CODE]$filename = strtolower($_FILES[‘uploadfile’][‘name’]);
$whitelist = array(‘jpg’, ‘png’, ‘gif’, ‘jpeg’); #example of white list

if(!in_array(end(explode(‘.’, $fileName)), $whitelist))
{
echo ‘Invalid file type, image must be a JPG, PNG, GIF, or JPEG image!’;
exit(0);
}[/CODE]

to post a comment
PHP

6 Comments(s)

Copy linkTweet thisAlerts:
@NogDogSep 23.2009 — Inconsistent variable name: [B]$filename[/B] and [B]$fileName[/B] (it's case-sensitive).
Copy linkTweet thisAlerts:
@15hoursNowauthorSep 23.2009 — adjusted the code and same problem

[CODE]$filename = strtolower($_FILES['uploadfile']['name']);
$whitelist = array('jpg', 'png', 'gif', 'jpeg'); #example of white list

if(!in_array(end(explode('.', $filename)), $whitelist))
{
echo 'Invalid file type, image must be a JPG, PNG, GIF, or JPEG image!';
exit(0);
}
[/CODE]
Copy linkTweet thisAlerts:
@15hoursNowauthorSep 23.2009 — this gives the same problem

[CODE]$filename = strtolower($_FILES['uploadfile']['name']);
$whitelist = array('jpg', 'png', 'gif', 'jpeg');

$q = explode('.',$filename);
if (!in_array(trim(strtolower(end($q))),$whitelist))

{
echo 'Invalid file type, image must be a JPG, PNG, GIF, or JPEG image!';
exit(0);
}[/CODE]
Copy linkTweet thisAlerts:
@15hoursNowauthorSep 23.2009 — anyone?
Copy linkTweet thisAlerts:
@NogDogSep 23.2009 — Works OK for me. If it's not working for you, you might want to var_dump($_FILES) and see if the name is really what you think it is.

[code=php]<?php
// test data:
$_FILES['uploadfile']['name'] = 'foo.jpag';

$filename = strtolower($_FILES['uploadfile']['name']);
$whitelist = array('jpg', 'png', 'gif', 'jpeg');

$q = explode('.',$filename);
if (!in_array(trim(strtolower(end($q))),$whitelist))
{
echo 'Invalid file type, image must be a JPG, PNG, GIF, or JPEG image!';
// debug:
echo "<pre>";var_dump($_FILES);echo "</pre>";
// end debug
exit(0);
}
else
{
echo "OK";
}
[/code]
Copy linkTweet thisAlerts:
@15hoursNowauthorSep 24.2009 — My php script is not uploading files to the server, its accepting the files through the html form and sending the "attached" files to me via email. Is that why this bit of script is not working for me, because i'm not actually letting visitors upload files to a server directory?

Is there a way to check file extensions uploaded as attachments to email through an html form?
×

Success!

Help @15hoursNow spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 6.16,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @nearjob,
tipped: article
amount: 1000 SATS,

tipper: @meenaratha,
tipped: article
amount: 1000 SATS,

tipper: @meenaratha,
tipped: article
amount: 1000 SATS,
)...