PHP File Upload: Efficiently Restricting File Types and Size
In PHP, controlling file uploads and ensuring the acceptance of specific file types is crucial. One user recently encountered issues with their existing validation code:
<code class="php">//check file extension and size
$resume= ($_FILES['resume']['name']);
$reference= ($_FILES['reference']['name']);
$ext = strrchr($resume, ".");
$ext1 = strrchr($reference, ".");
if (!(($_FILES["resume"]["type"] == "application/doc")
|| ($_FILES["resume"]["type"] == "application/docx")
|| ($_FILES["resume"]["type"] == "application/pdf" ))
&& (($_FILES["reference"]["type"] == "application/doc")
|| ($_FILES["reference"]["type"] == "application/docx")
|| ($_FILES["reference"]["type"] == "application/pdf"))
&& (($ext == ".pdf") || ($ext == ".doc") || ($ext == ".docx"))
&& (($ext1 == ".pdf") || ($ext1 == ".doc") || ($ext1 == ".docx"))
&& ($_FILES["resume"]["size"] < 400000) //accept upto 500 kb
&& ($_FILES["reference"]["size"] < 400000)) {
//stop user
} else {
// allow files to upload
}</code>
According to the user, this code allowed unauthorized file types (e.g., TXT) to pass through and did not enforce the size limit.
Solution: Relying on MIME Types and Proper Size Checks
To address these issues, a more robust approach is recommended:
<code class="php">function allowed_file(){
//Allowed mime-type files
$allowed = array('application/doc', 'application/pdf', 'another/type');
//Validate uploaded file type
if(in_array($_FILES['resume']['type'], $allowed) AND in_array($_FILES['reference']['type'], $allowed)){
//Check file size
if($_FILES["resume"]["size"] < 400000 AND $_FILES["reference"]["size"] < 400000 ){
//File types and size are accepted, proceed with file processing
}
}
}</code>
Explanation:
This improved code utilizes MIME (Multipurpose Internet Mail Extension) types rather than file extensions. MIME types accurately represent file formats and are less prone to manipulation. Additionally, it checks the file size independently for both resume and reference files, ensuring that the limit is enforced.
The above is the detailed content of How to Restrict File Types and Size in PHP File Uploads?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
ArtGPT
AI image generator for creative art from text prompts.
Stock Market GPT
AI powered investment research for smarter decisions
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1648
276
How to use the COALESCE() function in MySQL?
Aug 14, 2025 pm 06:15 PM
COALESCE()returnsthefirstnon-NULLvaluefromalistofexpressions,enablinggracefulhandlingofmissingdatabysubstitutingdefaults,mergingcolumnvalues,supportingcalculationswithoptionalfields,andprovidingfallbacksinjoinsandaggregations,ensuringpredictableresul
How to add a primary key to an existing table in MySQL?
Aug 12, 2025 am 04:11 AM
To add a primary key to an existing table, use the ALTERTABLE statement with the ADDPRIMARYKEY clause. 1. Ensure that the target column has no NULL value, no duplication and is defined as NOTNULL; 2. The single-column primary key syntax is ALTERTABLE table name ADDPRIMARYKEY (column name); 3. The multi-column combination primary key syntax is ALTERTABLE table name ADDPRIMARYKEY (column 1, column 2); 4. If the column allows NULL, you must first execute MODIFY to set NOTNULL; 5. Each table can only have one primary key, and the old primary key must be deleted before adding; 6. If you need to increase it yourself, you can use MODIFY to set AUTO_INCREMENT. Ensure data before operation
How to change the GROUP_CONCAT separator in MySQL
Aug 22, 2025 am 10:58 AM
You can customize the separator by using the SEPARATOR keyword in the GROUP_CONCAT() function; 1. Use SEPARATOR to specify a custom separator, such as SEPARATOR'; 'The separator can be changed to a semicolon and plus space; 2. Common examples include using the pipe character '|', space'', line break character '\n' or custom string '->' as the separator; 3. Note that the separator must be a string literal or expression, and the result length is limited by the group_concat_max_len variable, which can be adjusted by SETSESSIONgroup_concat_max_len=10000; 4. SEPARATOR is optional
How to back up a database in MySQL
Aug 11, 2025 am 10:40 AM
Using mysqldump is the most common and effective way to back up MySQL databases. It can generate SQL scripts containing table structure and data. 1. The basic syntax is: mysqldump-u[user name]-p[database name]>backup_file.sql. After execution, enter the password to generate a backup file. 2. Back up multiple databases with --databases option: mysqldump-uroot-p--databasesdb1db2>multiple_dbs_backup.sql. 3. Back up all databases with --all-databases: mysqldump-uroot-p
What is the difference between UNION and UNION ALL in MySQL?
Aug 14, 2025 pm 05:25 PM
UNIONremovesduplicateswhileUNIONALLkeepsallrowsincludingduplicates;1.UNIONperformsdeduplicationbysortingandcomparingrows,returningonlyuniqueresults,whichmakesitsloweronlargedatasets;2.UNIONALLincludeseveryrowfromeachquerywithoutcheckingforduplicates,
How to lock tables in MySQL
Aug 15, 2025 am 04:04 AM
The table can be locked manually using LOCKTABLES. The READ lock allows multiple sessions to read but cannot be written. The WRITE lock provides exclusive read and write permissions for the current session and other sessions cannot read and write. 2. The lock is only for the current connection. Execution of STARTTRANSACTION and other commands will implicitly release the lock. After locking, it can only access the locked table; 3. Only use it in specific scenarios such as MyISAM table maintenance and data backup. InnoDB should give priority to using transaction and row-level locks such as SELECT...FORUPDATE to avoid performance problems; 4. After the operation is completed, UNLOCKTABLES must be explicitly released, otherwise resource blockage may occur.
How to select data from a table in MySQL?
Aug 19, 2025 pm 01:47 PM
To select data from MySQL table, you should use SELECT statement, 1. Use SELECTcolumn1, column2FROMtable_name to obtain the specified column, or use SELECT* to obtain all columns; 2. Use WHERE clause to filter rows, such as SELECTname, ageFROMusersWHEREage>25; 3. Use ORDERBY to sort the results, such as ORDERBYageDESC, representing descending order of age; 4. Use LIMIT to limit the number of rows, such as LIMIT5 to return the first 5 rows, or use LIMIT10OFFSET20 to implement paging; 5. Use AND, OR and parentheses to combine
How to use IFNULL() in MySQL?
Aug 22, 2025 pm 02:00 PM
IFNULL()inMySQLreturnsthefirstexpressionifitisnotNULL,otherwisereturnsthesecondexpression,makingitidealforreplacingNULLvalueswithdefaults;forexample,IFNULL(middle_name,'N/A')displays'N/A'whenmiddle_nameisNULL,IFNULL(discount,0)ensurescalculationslike
