Home > Database > Mysql Tutorial > body text

How to Restrict File Types and Size in PHP File Uploads?

Susan Sarandon
Release: 2024-11-01 04:58:02
Original
714 people have browsed it

How to Restrict File Types and Size in PHP File Uploads?

PHP File Upload: Efficiently Restricting File Types and Size

In PHP, controlling file uploads and ensuring the acceptance of specific file types is crucial. One user recently encountered issues with their existing validation code:

<code class="php">//check file extension and size
$resume= ($_FILES['resume']['name']);
$reference= ($_FILES['reference']['name']);
$ext = strrchr($resume, ".");
$ext1 = strrchr($reference, ".");
if (!(($_FILES["resume"]["type"] == "application/doc")
|| ($_FILES["resume"]["type"] == "application/docx")
|| ($_FILES["resume"]["type"] == "application/pdf" ))
&& (($_FILES["reference"]["type"] == "application/doc")
|| ($_FILES["reference"]["type"] == "application/docx")
|| ($_FILES["reference"]["type"] == "application/pdf"))
&& (($ext == ".pdf") || ($ext == ".doc") || ($ext == ".docx"))
&& (($ext1 == ".pdf") || ($ext1 == ".doc") || ($ext1 == ".docx"))
&&  ($_FILES["resume"]["size"] < 400000) //accept upto 500 kb
&&  ($_FILES["reference"]["size"] < 400000)) {

//stop user
} else {
// allow files to upload
}</code>
Copy after login

According to the user, this code allowed unauthorized file types (e.g., TXT) to pass through and did not enforce the size limit.

Solution: Relying on MIME Types and Proper Size Checks

To address these issues, a more robust approach is recommended:

<code class="php">function allowed_file(){

//Allowed mime-type files
$allowed = array('application/doc', 'application/pdf', 'another/type');

//Validate uploaded file type
if(in_array($_FILES['resume']['type'], $allowed) AND in_array($_FILES['reference']['type'], $allowed)){

//Check file size
if($_FILES["resume"]["size"] < 400000 AND $_FILES["reference"]["size"] < 400000 ){

//File types and size are accepted, proceed with file processing
}
}
}</code>
Copy after login

Explanation:

This improved code utilizes MIME (Multipurpose Internet Mail Extension) types rather than file extensions. MIME types accurately represent file formats and are less prone to manipulation. Additionally, it checks the file size independently for both resume and reference files, ensuring that the limit is enforced.

The above is the detailed content of How to Restrict File Types and Size in PHP File Uploads?. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!