PHP File

[icuucme]

How can i make upload validation that the uploaded file can only be of a certain name?

 

eg. The only file that can be uploaded is "name.txt" no other name is valid

[dptr1988]

What would be the purpose of restricting the upload file name?

 

Are you wanting to only allow uploads of a certain file type?

[icuucme]

yea certain file type (txt specifically) and it would be better if it could be of a certain name only (eg name.txt only)

[dptr1988]

You can read the file name from the array $_FILES. The name should be in $_FILES['name_of_input_field']['name']. You can also see the mime type that the browser sent in $_FILES['name_of_input_field']['type'].

 

Read this for more information on handling file uploads: http://us.php.net/manual/en/features.file-upload.php

 

 

But remember that if you are wanting sort files based on their type, you will need to examine the actual file contents to determine the type. When a user uploads a file, he call at any name or any type, even though it may be incorrect.

 

 

 

 

[icuucme]

You can read the file name from the array $_FILES. The name should be in $_FILES['name_of_input_field']['name']. You can also see the mime type that the browser sent in $_FILES['name_of_input_field']['type'].

 

Read this for more information on handling file uploads: http://us.php.net/manual/en/features.file-upload.php

 

 

But remember that if you are wanting sort files based on their type, you will need to examine the actual file contents to determine the type. When a user uploads a file, he call at any name or any type, even though it may be incorrect.

does $_FILES['name_of_input_field']['name'] only give the file name or does it give the directory_location + file_name ?

 

Also what is the mime type for a txt file? i tried

$_FILES['name_of_input_field']['type'] == "text/plain"

 

but it didnt work?

[dptr1988]

There are many other items in that array. You can read about them in the link I gave you.

 

The normal way to handle an upload is to get it's name from $_FILES['name_of_input_field']['tmp_name'] and use move_uploaded_file() to move it from the upload directory to your destination directory.

 

http://us.php.net/manual/en/function.move-uploaded-file.php

 

 

Example from PHP manual

<?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES.

$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);

print "</pre>";

?>

 

 

 

If you want to see the exact format of the mime type that was sent, use something like var_dump($_FILES) to show the structure of the array and the mime type. Then try uploading a text file and you will see the mime type that your browser sends for text files.

 

[icuucme]

it was a silly mistake on my end  the form had the wrong name...that's y it was giving me invalid file.

 

it's working now