Solved

Best way to check for file type and size before uploading with Coldfusion?

Posted on 2011-03-17
15
352 Views
Last Modified: 2012-05-11
I want to let people upload files onto my server, but I want the system to check to make sure the file is one of the correct file types(.gif, Jpeg, Bmp) I allow; then to make sure the file is not to big.
I would like the system to check for all this on the same page, can someone help me with this?

You can see the code below of what I'm using now, but this is done on my post page not the form page?
<cftry>
<cffile action="upload" 
 destination="#path#\images\LOGO\" 
  filefield="LOGO"
  nameconflict="overwrite">
  
  
  
  <cfquery datasource="#dn#">
  update Logos 
  set logos = '#Clientfile#'
  where id= #customer.ID# 
    </cfquery>
	
	<cfif cffile.filesize gt 2000>
	<cfthrow type="sizeerror"
	message="File is to big; your file must be smaller than 2.0mb.">
	</cfif>
	
	<cfcatch type="sizeerror">
	<cfabort showerror="#cfcatch.message#">
	
	</cfcatch>
  </cftry>

Open in new window

0
Comment
Question by:overcolor
  • 6
  • 6
  • 2
  • +1
15 Comments
 
LVL 6

Expert Comment

by:billfusion
ID: 35161232
To get file information from the client before it is uploaded to your CF server, you may need an upload client side plug in.  We've done this in the long past with an ActiveX controller that ran on the client's device when they select a file to upload.
0
 
LVL 52

Accepted Solution

by:
_agx_ earned 500 total points
ID: 35161348
If you're using  <cffileupload>, it supports limiting the file types and sizes via flash. However, you should still re-validate on the server as you're doing now for security reasons.  Never trust client side validation.

http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec18238-7fd0.html

<cffileupload
    extensionfilter = "none|jpg,jpeg,png"
    maxuploadsize = "file size in mega bytes" ....>
0
 

Author Comment

by:overcolor
ID: 35161650
@Billfusion can you give me an example?

@Agx I was trying to do this without cffileupload for non-flash browser, but please let me know if I'm doing this wrong??
0
Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

 
LVL 52

Expert Comment

by:_agx_
ID: 35162403
I was trying to do this without cffileupload for non-flash browser,

Ok. But you can't do this on the client side using plain html alone.  As Billfusion said you need some sort of plugin like ActiveX or a java applet, Flash, etc...  Not every browser supports them, and they can all be disabled.  So with any of those options you risk excluding a portion of your users.  So if you really want a client side filter too - then it's a matter of choosing the lesser of the evils.

But keep in mind the client side plugin is for a smoother user experience. For good security you must still validate on the server side too.
0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35164453
Well here is one way you can do it!


<cfif VAL(CGI.CONTENT_LENGTH) GT 50000>
<cfset msg = 'File Too Large'>
<cfelse>
Upload Code goes here
</cfif>


0
 
LVL 52

Expert Comment

by:_agx_
ID: 35166703
Yeah, but they're already doing that in the original post. The question was how to do something similar on the client side.
0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35170259
Ok, There is a Threaded Discussion @ bennadel post

Check out! the same thing you are trying, i think java is the solution they found, check the comments out

http://www.bennadel.com/blog/670-Ask-Ben-Limit-File-Upload-Size-In-ColdFusion.htm
0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35170263
0
 
LVL 52

Expert Comment

by:_agx_
ID: 35173096
@myselfrandhawa - I think you're misunderstanding :)  Those all discuss validating on the server side after the file is already uploaded.  The asker was inquiring about filtering on the client side, before the file submitted to the server.
0
 

Author Comment

by:overcolor
ID: 35174123
Maybe the best thing to do is to let the file go into a temp folder then, check it there, if it is not correct then throw a error using <CFABORT>..???
0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35174314
Hi @agx, If you read the comments of the blog posts, they are already discussing how to detect the length of file before upload, one has discusssed a way using java but i do not his name in comments!

0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35174320
Well! There is one other way using javascript! but i think that works in Internet Explorer only using some file system object but i did it long before and now i do not remember where i have placed it, if found, i will place the code here
0
 
LVL 52

Expert Comment

by:_agx_
ID: 35177299
@overcolor - You can certainly do both: validate on the client and server side.  For the server side, as you said - run your checks and if the file fails (too big, wrong type, etc...) just delete it and display an error message.
0
 
LVL 52

Expert Comment

by:_agx_
ID: 35177832
To be clear, <cffile action="upload"..> is something of a misnomer. It doesn't actually upload a file. The file is already on your server.  All <cffile action="upload"..> does is move the uploaded file from CF's temp directory whatever destination directory you supply.  So go ahead and use it. Then check the file details afterwards. If it doesn't meet your requirements, just delete it.
0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35178007
@ overcolor, @agx, Yes that will be Pretty Straight Forward Method for Checking,


0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this tutorial I will show you how to provide a dynamic RTF document on your website generated with data from your database. For this tutorial you will need Microsoft Word or WordPad, WhizBase and Microsoft Access. In this tutorial I will show …
This article will show, step by step, how to integrate R code into a R Sweave document
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question