pugandjody
asked on
php upload file
I have this script that uploads files:
<?php
// Where the file is going to be placed
$target_path = "uploads/";
// Add the original filename to our target path. Result is "uploads/filename.extensio n"
$target_path = $target_directory . basename( $_FILES['uploadedfile']['n ame']);
$_FILES['uploadedfile']['t mp_name']; // This is how we will get the temporary file...
$target_path = "uploads/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['n ame']);
if(move_uploaded_file($_FI LES['uploa dedfile'][ 'tmp_name' ], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['n ame']). " has been uploaded";
} else{
echo "There was an error uploading the file, please try again!";
}
?>
But I want it to check to see if the file extension is .exe and if it is then echo "You can't upload an exe file". If not then go ahead with the upload.
Thanks,
Clay
<?php
// Where the file is going to be placed
$target_path = "uploads/";
// Add the original filename to our target path. Result is "uploads/filename.extensio
$target_path = $target_directory . basename( $_FILES['uploadedfile']['n
$_FILES['uploadedfile']['t
$target_path = "uploads/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['n
if(move_uploaded_file($_FI
echo "The file ". basename( $_FILES['uploadedfile']['n
} else{
echo "There was an error uploading the file, please try again!";
}
?>
But I want it to check to see if the file extension is .exe and if it is then echo "You can't upload an exe file". If not then go ahead with the upload.
Thanks,
Clay
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
What's with this logic? If the ext is a jpeg then warn/alert it's an exe? Besides, this is PHP support. =)
if(ext=="jpeg")
{
alert("You cannot upload .exe file");
return false;
}
if(ext=="jpeg")
{
alert("You cannot upload .exe file");
return false;
}
Wouldn't it be wiser to have a whitelist instead of a blacklist approach?
Also str_kani, having javascript checks isn't security!. It is quite easy to shut down javascript while uploading your executables!
-r-
Also str_kani, having javascript checks isn't security!. It is quite easy to shut down javascript while uploading your executables!
-r-
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:
Accept: Promethyl
Any objections should be posted here in the next 4 days. After that time, the question will be closed.
Huji
EE Cleanup Volunteer
I will leave the following recommendation for this question in the Cleanup topic area:
Accept: Promethyl
Any objections should be posted here in the next 4 days. After that time, the question will be closed.
Huji
EE Cleanup Volunteer
You can use a function like the follwing one to validate whether the user uploads a valid file or not.
If you valdate using server side script, it will validate ONLY after the entire file is uploaded, if you validate this in client side, then the following will prompt the user to select a valid file (non-exe) to upload , this will happen well before the browser starts uploading this on to the server....
function validate_extention()
{
with(document.formname)
{
imagefilelength=imgvalue.l
indexofdot=imgvalue.indexO
extension=imgvalue.substri
ext=extension.toLowerCase(
if(ext=="jpeg")
{
alert("You cannot upload .exe file");
return false;
}
else
{
//valid file extention, do the rest
}
}
}
Hope this helps you.