upload file with specific file type

Anon

Hi,

I am a php newbie and want to set a form for user to upload file. The file type must be .txt and less than 1000000 bytes. How can I do the php script?

<input type="hidden" name="max_file_size" value="1000000">
<input type="hidden" name="file_type" value="txt">
Please upload your file:<br>
<input name="userfile" type="file"><br>
<input type="submit" value="send file">
</form>

<?php
if ($userfile) {
if ($userfile_size <= 1000000 && $userfile_type="txt") {
echo("received file");
} else {
echo("File cannot be saved");
}
?>

What's wrong above code?

Thanks a lot.

gogo

Anon

What's the problem that you are experiencing?
If you specify the properties of the file to be uploaded in the INPUT statements, I think this should prevent any file type and size other than those specified from being uploaded.
I think this might work:

<?
//check for file upload
if(isset($UploadedFile))
{
print("Uploaded: $UploadedFile <BR>\n");}
else
{
print("File can not be saved");
}
?>

Anon

Remember that once the form submit button is hit, the file will be uploaded to the servers' temp directory. So you should stop the wrong file types from being submitted during the submit process.

I hope this helps!

Anon

Hi,

I must disagree with Stephen, due to the RULE of solid coding. ALLWAYS check user input from the SERVER side. This means that the html to limit certain sizes and types should be implimented, you must plain for the user who wishes to circumvent your code.

So the syntax is close to what the you sould follow albiet if I might add these few tips:

Move the check_file into a function for easy use and future painless debuging.

Move all "magic" values like 1000000 into a varible like $max_file_size

Read this section on file handling skills.
http://php.net/manual/en/ref.filesystem.php

Check the (".txt" ) a little boost might be..

$file_type =
array_pop(explode(".",$filename));

You could even get savy and compare the result to a array of exceptable values!!
(don't know if you're ready for that)

last but not least: ALLWAYS make sure that there is not harmful code in an up load and it's NOT a .php .

Well, That should be enough food for thought for now.

Zoom - zoom - zoom,
COPE

gregj

Thanks COPE!
Your comments made me think about (and actually fix) a hole I had.

I would like to add that these files should be kept outside the html directory.

Greg

Anon

Hi,

Thank you. I'm glad that information helped you.

Peace,
COPE

Anon

Hello,

When I try the same code(php4/apache).
The file gets uploaded fine, but it contains the 3 line at the top at the server side!
Content_Type: text/plain
blankline
blankline

what can I do to suppress it?

any help is greately appreciated

siamak amirghodsi

Anon

excellent tips for file uploading here. another question i've been meaning to ask for a while - is it possible to pass other form fields in the usual way at the same time as files?

for example, to have a form for file upload which also includes a target directory, or some comment, to be associated with that file? from my (admittedly limited) experiments it seems that other form field variables aren't available in the form target page in the usual way.

i find that surprising, so am fairly convinced its not true, i.e. these variables are indeed available somewhere/somehow. can anybody throw any light on this ?

thanks

ed ic

Anon

please disregard my last posting, a comical and embarrasing coding error was to blame...

ed ic

Anon

Hi there,

I think I have the same kind of problem.
I use a form to upload an image file + submit 'standard' text fields. Form declared by: <form action="upload.php"
enctype="multipart/form-data" method="post">

Text fields aren't passed thru to the called page (upload.php).
Solution is to take off 'enctype="multipart/form-data"', then text fields are passed thru, but the file is not uploaded.
My files are hosted on www.free.fr.

Does anyone know how to pass all the data (file + text fields) with 'enctype="multipart/form-data"' ?

Thank you !