Solved

Best way to check for file type and size before uploading with Coldfusion?

Posted on 2011-03-17
15
335 Views
Last Modified: 2012-05-11
I want to let people upload files onto my server, but I want the system to check to make sure the file is one of the correct file types(.gif, Jpeg, Bmp) I allow; then to make sure the file is not to big.
I would like the system to check for all this on the same page, can someone help me with this?

You can see the code below of what I'm using now, but this is done on my post page not the form page?
<cftry>
<cffile action="upload" 
 destination="#path#\images\LOGO\" 
  filefield="LOGO"
  nameconflict="overwrite">
  
  
  
  <cfquery datasource="#dn#">
  update Logos 
  set logos = '#Clientfile#'
  where id= #customer.ID# 
    </cfquery>
	
	<cfif cffile.filesize gt 2000>
	<cfthrow type="sizeerror"
	message="File is to big; your file must be smaller than 2.0mb.">
	</cfif>
	
	<cfcatch type="sizeerror">
	<cfabort showerror="#cfcatch.message#">
	
	</cfcatch>
  </cftry>

Open in new window

0
Comment
Question by:overcolor
  • 6
  • 6
  • 2
  • +1
15 Comments
 
LVL 6

Expert Comment

by:billfusion
ID: 35161232
To get file information from the client before it is uploaded to your CF server, you may need an upload client side plug in.  We've done this in the long past with an ActiveX controller that ran on the client's device when they select a file to upload.
0
 
LVL 52

Accepted Solution

by:
_agx_ earned 500 total points
ID: 35161348
If you're using  <cffileupload>, it supports limiting the file types and sizes via flash. However, you should still re-validate on the server as you're doing now for security reasons.  Never trust client side validation.

http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec18238-7fd0.html

<cffileupload
    extensionfilter = "none|jpg,jpeg,png"
    maxuploadsize = "file size in mega bytes" ....>
0
 

Author Comment

by:overcolor
ID: 35161650
@Billfusion can you give me an example?

@Agx I was trying to do this without cffileupload for non-flash browser, but please let me know if I'm doing this wrong??
0
 
LVL 52

Expert Comment

by:_agx_
ID: 35162403
I was trying to do this without cffileupload for non-flash browser,

Ok. But you can't do this on the client side using plain html alone.  As Billfusion said you need some sort of plugin like ActiveX or a java applet, Flash, etc...  Not every browser supports them, and they can all be disabled.  So with any of those options you risk excluding a portion of your users.  So if you really want a client side filter too - then it's a matter of choosing the lesser of the evils.

But keep in mind the client side plugin is for a smoother user experience. For good security you must still validate on the server side too.
0
 
LVL 15

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35164453
Well here is one way you can do it!


<cfif VAL(CGI.CONTENT_LENGTH) GT 50000>
<cfset msg = 'File Too Large'>
<cfelse>
Upload Code goes here
</cfif>


0
 
LVL 52

Expert Comment

by:_agx_
ID: 35166703
Yeah, but they're already doing that in the original post. The question was how to do something similar on the client side.
0
 
LVL 15

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35170259
Ok, There is a Threaded Discussion @ bennadel post

Check out! the same thing you are trying, i think java is the solution they found, check the comments out

http://www.bennadel.com/blog/670-Ask-Ben-Limit-File-Upload-Size-In-ColdFusion.htm
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 
LVL 15

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35170263
0
 
LVL 52

Expert Comment

by:_agx_
ID: 35173096
@myselfrandhawa - I think you're misunderstanding :)  Those all discuss validating on the server side after the file is already uploaded.  The asker was inquiring about filtering on the client side, before the file submitted to the server.
0
 

Author Comment

by:overcolor
ID: 35174123
Maybe the best thing to do is to let the file go into a temp folder then, check it there, if it is not correct then throw a error using <CFABORT>..???
0
 
LVL 15

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35174314
Hi @agx, If you read the comments of the blog posts, they are already discussing how to detect the length of file before upload, one has discusssed a way using java but i do not his name in comments!

0
 
LVL 15

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35174320
Well! There is one other way using javascript! but i think that works in Internet Explorer only using some file system object but i did it long before and now i do not remember where i have placed it, if found, i will place the code here
0
 
LVL 52

Expert Comment

by:_agx_
ID: 35177299
@overcolor - You can certainly do both: validate on the client and server side.  For the server side, as you said - run your checks and if the file fails (too big, wrong type, etc...) just delete it and display an error message.
0
 
LVL 52

Expert Comment

by:_agx_
ID: 35177832
To be clear, <cffile action="upload"..> is something of a misnomer. It doesn't actually upload a file. The file is already on your server.  All <cffile action="upload"..> does is move the uploaded file from CF's temp directory whatever destination directory you supply.  So go ahead and use it. Then check the file details afterwards. If it doesn't meet your requirements, just delete it.
0
 
LVL 15

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35178007
@ overcolor, @agx, Yes that will be Pretty Straight Forward Method for Checking,


0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Sometimes databases have MILLIONS of records and we need a way to quickly query that table to return the results me need. Sure you could use CFQUERY but it takes too long when there are millions of records. That is why SOLR was invented. Please …
This article is meant to give a basic understanding of how to use R Sweave as a way to merge LaTeX and R code seamlessly into one presentable document.
Learn the basics of modules and packages in Python. Every Python file is a module, ending in the suffix: .py: Modules are a collection of functions and variables.: Packages are a collection of modules.: Module functions and variables are accessed us…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now