How to check the file type of an uploaded file in PHP - Checking of extensions and mime type of an uploaded file
How to check the file type of an uploaded file in PHP
In some web applications, there are situations in which users should only be allowed to upload certain type of files to server. For example, the application may accept only JPG type of files. Whne we upload a file, it is taken to a temperory location on server and from there it is copied to actual location on server. In php script When we post a from which is having a file control, the selected file content will be available in $_FILES variable.
// in the form the control would be named as document_file
<input type="file" name="document_file".......
On submission we have file content in $_FILE["document_file"] and it is placed in a temperory location on server, once the move_uploaded_file function is called, this file is moved to actual location on server. So before calling the move_uploaded_file function, we can check the type of the file and confirm whether it is allowed file type or not. if it is allowed file type then contue with moving the file to actual location, else we can exit the process.
Now lets check hoe the file type is checked:
After the POSTING of the html form which have the file control, the content of the file can be taken from the $_FILES
//upload code- start
$myfile = $_FILES['document_file'];
Nowwe can check the file type by checking the MIME type or by checking the extension of the uploaded file.
Check the file type from MIME type:
To know the MIME type do like this:
//$fileType= $myfile['type'];
//OR
$fileType= $_FILES['document_file']['type'];
// Check for file type
if($fileType != "image/jpeg" AND $fileType != "image/pjpeg" ){
exit("Invalid File Type");
}else{
move_uploaded_file($_FILES['document_file']['tmp_name'], $new_location_on_server);
}
Checking mime type for file type is not a reliable process. MIME type value may not be same for different browsers. The safe way is to check the Extension of file by using the pathinfo function.
pathinfo syntax
mixed pathinfo ( string $path [, int $options = PATHINFO_DIRNAME | PATHINFO_BASENAME | PATHINFO_EXTENSION | PATHINFO_FILENAME ] )
pathinfo() returns information about path: either an associative array or a string, depending on options. Read more..
How to use pathinfo function to check the file type?
$file_info = pathinfo($_FILES['document_file']['tmp_name']);
$fileType = strtolower($file_info['extension']);
// Check for file type
if($fileType != "jpg" AND $fileType != "jpeg" ){
exit("Invalid File Type");
}else{
move_uploaded_file($_FILES['document_file']['tmp_name'], $new_location_on_server);
}
move_uploaded_file function syntax
bool move_uploaded_file ( string $filename , string $destination )
This function checks to ensure that the file designated by filename is a valid upload file (meaning that it was uploaded via PHP's HTTP POST upload mechanism). If the file is valid, it will be moved to the filename given by destination. Read more....
$_FILES Variable
An associative array of items uploaded to the current script via the HTTP POST method. Read more
Path functions in PHP
In some web applications, there are situations in which users should only be allowed to upload certain type of files to server. For example, the application may accept only JPG type of files. Whne we upload a file, it is taken to a temperory location on server and from there it is copied to actual location on server. In php script When we post a from which is having a file control, the selected file content will be available in $_FILES variable.
// in the form the control would be named as document_file
<input type="file" name="document_file".......
On submission we have file content in $_FILE["document_file"] and it is placed in a temperory location on server, once the move_uploaded_file function is called, this file is moved to actual location on server. So before calling the move_uploaded_file function, we can check the type of the file and confirm whether it is allowed file type or not. if it is allowed file type then contue with moving the file to actual location, else we can exit the process.
Now lets check hoe the file type is checked:
After the POSTING of the html form which have the file control, the content of the file can be taken from the $_FILES
//upload code- start
$myfile = $_FILES['document_file'];
Nowwe can check the file type by checking the MIME type or by checking the extension of the uploaded file.
Check the file type from MIME type:
To know the MIME type do like this:
//$fileType= $myfile['type'];
//OR
$fileType= $_FILES['document_file']['type'];
// Check for file type
if($fileType != "image/jpeg" AND $fileType != "image/pjpeg" ){
exit("Invalid File Type");
}else{
move_uploaded_file($_FILES['document_file']['tmp_name'], $new_location_on_server);
}
Checking mime type for file type is not a reliable process. MIME type value may not be same for different browsers. The safe way is to check the Extension of file by using the pathinfo function.
pathinfo syntax
mixed pathinfo ( string $path [, int $options = PATHINFO_DIRNAME | PATHINFO_BASENAME | PATHINFO_EXTENSION | PATHINFO_FILENAME ] )
pathinfo() returns information about path: either an associative array or a string, depending on options. Read more..
How to use pathinfo function to check the file type?
$file_info = pathinfo($_FILES['document_file']['tmp_name']);
$fileType = strtolower($file_info['extension']);
// Check for file type
if($fileType != "jpg" AND $fileType != "jpeg" ){
exit("Invalid File Type");
}else{
move_uploaded_file($_FILES['document_file']['tmp_name'], $new_location_on_server);
}
move_uploaded_file function syntax
bool move_uploaded_file ( string $filename , string $destination )
This function checks to ensure that the file designated by filename is a valid upload file (meaning that it was uploaded via PHP's HTTP POST upload mechanism). If the file is valid, it will be moved to the filename given by destination. Read more....
$_FILES Variable
An associative array of items uploaded to the current script via the HTTP POST method. Read more
Path functions in PHP
Comments
Post a Comment