how to only allow upload of ms word documents?

[chrisuk]

Can anybody tell me how to check that an uploaded file is a .doc?

 

I tried this:

 

<?php

$file = $_FILES['uploadedfile']["name"];

//gets the filename and extension from the file input in the form 
$filenamecheck = $file_name; 
$accept_mtype = "application/ms-word"; 
$m_type =  $HTTP_POST_FILES['uploadedfile']['type']; 
/*Checks whether input file exists  & checks to see whether the file is a pdf 
file. It only uploads PDF files 
*/ 
//comment for debug
if ($m_type != "application/ms-word" ) {
echo "error"; }
else { 
...continue...
?>

 

from a script sample, but this just gives "error" for any file attachment.

 

Can anybody spot what i am doing wrong?

[simcoweb]

Normally you'd just validate against the extension since Word documents have the .doc extension. For example, here's how I validate an image extension on a file upload:

 

<?php
$allowedUpload = preg_match('/\\.(gif|jpg|jpeg|png)$/i', $_FILES['photo']['name']) ? true : false;
?>

[chrisuk]

Thanks for that - so could i just restructure it to:

 

<?php
if  !preg_match('/\\.(doc)$/i', $_FILES['uploadedfile']['name']) {
echo "error"; 
} else {
...continue...
}
?> 

 

?

[simcoweb]

Yes, that should work.

[chrisuk]

and it does!

 

the amount of clarting on I have been doing and in the end it comes down to one line of code

 

typical 

 

Thanks!!

[Orio]

I suggest:

 

<?php
if(strtolower(strrchr($_FILES['uploadedfile']['name'], ".")) != ".doc")
echo "Invalid!";
?>

 

 

Orio.

[chrisuk]

simcoweb - for some reason jpg files still upload?? bizarre, other formats produce the expected error.

[simcoweb]

That is really weird. If you want to, try Orio's code suggestion instead. It's similar but uses some additional techniques that could be really helpful like the strtolower function that changes everything to lowercase which, in turn, makes it easier to validate.