Jump to content

File upload validation


Casino Man

Recommended Posts

Hi there,

 

I was given the code below (which is part of a file uploading script) and told I need to add validation on further file types. Currently it will only allow gif's, I need to add other's such as jpeg's and png's please!

 

 else {
      echo "Upload: " . $_FILES["file1"]["name"] . "<br />";
      echo "Type: " . ($_FILES[“file”][“type”] == “image/gif”). "<br />";
      echo "Size: " . ( $_FILES["file1"]["size"] / 1024) . " Kb<br />";
      echo "Temp file: " . $_FILES["file1"]["tmp_name"] . "<br />";

Link to comment
https://forums.phpfreaks.com/topic/156267-file-upload-validation/
Share on other sites

If it comes to validation and especially very thorough validation then i would recommend using objects, something along the lines of:

 

<?php
class FileUpload {
   protected $_validators = array();
   public function addValidator(Validator $validator) {
      $this->_validators[] = $validator;
   }
   public function isValid($image) {
      if (!sizeof($this->_validators)) return true;
      if (is_file($image) && is_readable($image)) {
          foreach ($this->_validators as $validator) {
              if (!$validator->isValid($image)) {
                 return false;
              }
          }
          return true;
      }
      return false;
   }
}

abstract class Validator {
   abstract public function isValid($input);
}

class ImageMimeTypeValidator extends Validator {
    protected $_imageMimeTypes;
    public function __construct($imageMimeTypes) {
        $this->_imageMimeTypes = $imageMimeTypes;
    }
    public function isValid($input) {
       $image = getimagesize($input);
       if (in_array($image['mime'], $this->_imageMimeTypes)) {
          return true;
       }
       return false;
    }
}
... more validator ..
?>

 

Use as:

 

<?php
$mimeTypes = array('image/jpeg', 'image/png', 'image/gif', ..);

$fileUpload = new FileUpload();
$fileUpload->addValidator(new ImageMimeTypeValidator($mimeTypes));

if ($fileUpload->isValid($_FILE['upload']['tmp_name'])) {
   ..valid..
}
?>

Hi there,

 

I was given the code below (which is part of a file uploading script) and told I need to add validation on further file types. Currently it will only allow gif's, I need to add other's such as jpeg's and png's please!

 

 else {
      echo "Upload: " . $_FILES["file1"]["name"] . "<br />";
      echo "Type: " . ($_FILES[“file”][“type”] == “image/gif”). "<br />";
      echo "Size: " . ( $_FILES["file1"]["size"] / 1024) . " Kb<br />";
      echo "Temp file: " . $_FILES["file1"]["tmp_name"] . "<br />";

 

There is not enough code here to really see what is going on, you are simply echoing some values. In fact you are echoing a comparison for type instead of outputting the type.

 

You should set up a simple array of valid file extensions and check against that array before processing.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.