alanl1 Posted May 23, 2013 Share Posted May 23, 2013 Hi Professionals I have a ffile and folder name passed through as a variable as shown in the code below ready to import into a database, with thanks to (barand) in a previous post I have managed to strip this to retreive the filename only, see code below $newname = $_GET['newname']; //The Uploads/ folder will need to be stripped here to retreive the filename...$filename = basename($newname,"/"); //basename function strips off filename based on first "/" echo $newname; echo $filename; is there any way to check that this is a .csv file extension and if not redirect them back to the previous page thanks in advance Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted May 23, 2013 Share Posted May 23, 2013 $csv_mimetypes = array( 'text/csv', 'text/plain', 'application/csv', 'text/comma-separated-values', 'application/excel', 'application/vnd.ms-excel', 'application/vnd.msexcel', 'text/anytext', 'application/octet-stream', 'application/txt', ); if (in_array($_FILES['upload']['type'], $csv_mimetypes)) { // possible CSV file // could also check for file content at this point to be extra sure } Quote Link to comment Share on other sites More sharing options...
alanl1 Posted May 23, 2013 Author Share Posted May 23, 2013 thanks for that but i do not understand that I have just put this on my page and tried passing through a pdf file and it still does show these when I echo them out it does not redirect back to my previous page either. sorry once again but I am very new to php $csv_mimetypes = array('text/csv','text/plain','application/csv','text/comma-separated-values','application/excel','application/vnd.ms-excel','application/vnd.msexcel','text/anytext','application/octet-stream','application/txt',); if (in_array($_FILES['upload']['type'], $csv_mimetypes)) {} $newname = $_GET['newname']; //The Uploads/ folder will need to be stripped here to retreive the filename...$filename = basename($newname,"/"); //basename function strips off filename based on first "/" Quote Link to comment Share on other sites More sharing options...
Eiseth Posted May 23, 2013 Share Posted May 23, 2013 Use finfo() when checking file extensions, this will prevent fake extensions // allowed file types here $types = array(...); // initiate finfo() and get the file type of uploaded file $finfo = new finfo(FILEINFO_MIME_TYPE); $type = $finfo->file($_FILES['file']['tmp_name']); // check in array if (!in_array($type, $types)) { // error } Quote Link to comment Share on other sites More sharing options...
DHood Posted May 23, 2013 Share Posted May 23, 2013 For the redirect part of it use header('location: /path/to/redirect.html'); Quote Link to comment Share on other sites More sharing options...
alanl1 Posted May 23, 2013 Author Share Posted May 23, 2013 hi eliseth I have $filename = basename($newname,"/"); echo $filename which results in 'testfile.csv' where does this come from $type = $finfo->file($_FILES['file']['tmp_name']); would this need to change to $type = $finfo->file($_FILES['file']['$filename']); ????? thanks Quote Link to comment Share on other sites More sharing options...
alanl1 Posted May 23, 2013 Author Share Posted May 23, 2013 Hi Professionals I am really struggling here. here is the whole code which may help. On the next page all that shows is /uploads/test_raw.csv test_raw.csv the Types variable is = Array then there is nothing else showing <STYLE TYPE="text/css"><!--TD{font-family: Arial; font-size: 8pt;}---></STYLE> <?php include("header.php"); ?><!-- <?php include("footer.php"); ?> --><?php include("ConnectDB.php"); ?> <?php $newname = $_GET['newname']; //The Uploads/ folder will need to be stripped here to retreive the filename...$filename = basename($newname,"/"); //basename function strips off filename based on first "/" echo $newname; echo $filename;// allowed file types here$types = array('text/csv','text/plain','application/csv','text/comma-separated-values','application/excel','application/vnd.ms-excel','application/vnd.msexcel','text/anytext','application/octet-stream','application/txt',);echo "the Types variable is = " .$types; // initiate finfo() and get the file type of uploaded file$finfo = new finfo(FILEINFO_MIME_TYPE);$type = $finfo->file($_FILES['file']['tmp_name']); echo "the Finfo variable is = " .$finfo;echo "the Type variable is = " .$type; // check in arrayif (!in_array($type, $types)) { echo "file has an error ";} ?> Quote Link to comment Share on other sites More sharing options...
Eiseth Posted May 23, 2013 Share Posted May 23, 2013 would this need to change to $type = $finfo->file($_FILES['file']['$filename']); ????? thanks Yup, just change it to your filename // $filename = testfile.csv $type = $finfo->file($filename); Quote Link to comment Share on other sites More sharing options...
alanl1 Posted May 23, 2013 Author Share Posted May 23, 2013 I have changed that and it still just shows the following output /uploads/test_raw.csv test_raw.csv the Types variable is = Array again here is the updated code <?php $newname = $_GET['newname']; //The Uploads/ folder will need to be stripped here to retreive the filename...$filename = basename($newname,"/"); //basename function strips off filename based on first "/" echo $newname; echo $filename;// allowed file types here$types = array('text/csv','text/plain','application/csv','text/comma-separated-values','application/excel','application/vnd.ms-excel','application/vnd.msexcel','text/anytext','application/octet-stream','application/txt',);echo "the Types variable is = " .$types; // initiate finfo() and get the file type of uploaded file$finfo = new finfo(FILEINFO_MIME_TYPE);$type = $finfo->file($filename); echo "the Finfo variable is = " .$finfo;echo "the Type variable is = " .$type; // check in arrayif (!in_array($type, $types)) { echo "file has an error ";} ?> Quote Link to comment Share on other sites More sharing options...
Eiseth Posted May 23, 2013 Share Posted May 23, 2013 Is the csv file coming from an upload or from your directory? you should use fgetcsv() it is from a folder http://php.net/manual/en/function.fgetcsv.php Quote Link to comment Share on other sites More sharing options...
alanl1 Posted May 23, 2013 Author Share Posted May 23, 2013 it is coming from a directory Quote Link to comment Share on other sites More sharing options...
Solution buzzycoder Posted May 23, 2013 Solution Share Posted May 23, 2013 I don't think this will be a better way to achieve this.But,it might help you little: <html> <head> <title>CSV Validate</title> </head> <body> <form method="post" action=""> <input type="file" name="cfile" id="cfile"> <input type="submit" value="Submit"> </form> <?php function ext($file) { return substr(strrchr($file,'.'),1); } if (isset($_POST['cfile'])) { $cfile = $_POST['cfile']; $cfile = ext($cfile); if ($cfile == 'csv'){ echo "Valid"; } else { echo "Not Valid"; } } ?> </body> </html> Quote Link to comment Share on other sites More sharing options...
alanl1 Posted May 23, 2013 Author Share Posted May 23, 2013 hi buzzycoder that works a charm. Quote Link to comment Share on other sites More sharing options...
buzzycoder Posted May 24, 2013 Share Posted May 24, 2013 I am glad it helps you bro ! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.