dsp77 Posted August 5, 2010 Share Posted August 5, 2010 Hello, i have an upload form witch i cannot upload pdf it does not recognize the mine pdf type, any help please. here is the code $target_path = $_SERVER['DOCUMENT_ROOT'] . '/admin/upload/'; $target = "upload/".$HTTP_POST_FILES['uploadedfile']['name']; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); $fileSize = $_FILES['uploadedfile']['size']; $fileType = $_FILES['uploadedfile']['type']; if ($_FILES['uploadedfile']['size'] > 0) { if (($_FILES["uploadedfile"]["type"] == "image/gif") || ($_FILES["uploadedfile"]["type"] == "image/jpeg") || ($_FILES["uploadedfile"]["type"] == "image/png" ) || ($_FILES["uploadedfile"]["type"] == "application/msword" ) || ($_FILES["uploadedfile"]["type"] == "application/pdf" ) && ($_FILES["uploadedfile"]["size"] < 512000)) { move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path); $query_upload="INSERT INTO upload (upload, chair, id_domeniu, email_1) VALUES ('" . $target . $_FILES['uploadedfile']['name'] . "', '3', '$id_domeniu', '".$_GET['email_1']."')"; $query_upload="UPDATE domenii SET upload='" . $target . $_FILES['uploadedfile']['name'] . "' WHERE email_1='".$email_1."'"; mysql_query($query_upload) or die(mysql_error()); } else { echo "<script language='javascript'>alert('Programul uploadat trebuie sa fie PDF, DOC, JPEG si mai mic de 500 kilobytes.');window.location = 'javascript:history.go(-1)';</script >"; exit(); } } Quote Link to comment Share on other sites More sharing options...
JonnoTheDev Posted August 5, 2010 Share Posted August 5, 2010 Rather than using this from the superglobal: $_FILES["uploadedfile"]["type"] Obtain the file type from it's extension i.e doc / pdf / jpg / gif Create your list of allowed file types and check. i.e <?php /* allowed file types */ $allowed = array('pdf','doc','gif','jpg','jpeg'); /* get uploaded file extension */ $ext = substr(strtolower(strrchr($_FILES['uploadedfile']['name'], ".")),1); if(!in_array($ext, $allowed)) { print "Filetype not allowed: ".$ext; } else { /* move uploaded file */ } ?> Quote Link to comment Share on other sites More sharing options...
AbraCadaver Posted August 5, 2010 Share Posted August 5, 2010 The file type is provided by the browser and can't be trusted. You can use the extension, though that is easy to change. You might try: finfo_file() //PHP 5.3 //or mime_content_type(); Quote Link to comment Share on other sites More sharing options...
dsp77 Posted August 5, 2010 Author Share Posted August 5, 2010 Thank you Neil it worked Quote Link to comment Share on other sites More sharing options...
JonnoTheDev Posted August 5, 2010 Share Posted August 5, 2010 You're welcome Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.