Best way to check for file type and size before uploading with Coldfusion?

I want to let people upload files onto my server, but I want the system to check to make sure the file is one of the correct file types(.gif, Jpeg, Bmp) I allow; then to make sure the file is not to big.
I would like the system to check for all this on the same page, can someone help me with this?

You can see the code below of what I'm using now, but this is done on my post page not the form page?
<cftry>
<cffile action="upload" 
 destination="#path#\images\LOGO\" 
  filefield="LOGO"
  nameconflict="overwrite">
  
  
  
  <cfquery datasource="#dn#">
  update Logos 
  set logos = '#Clientfile#'
  where id= #customer.ID# 
    </cfquery>
	
	<cfif cffile.filesize gt 2000>
	<cfthrow type="sizeerror"
	message="File is to big; your file must be smaller than 2.0mb.">
	</cfif>
	
	<cfcatch type="sizeerror">
	<cfabort showerror="#cfcatch.message#">
	
	</cfcatch>
  </cftry>

Open in new window

overcolorAsked:
Who is Participating?
 
_agx_Connect With a Mentor Commented:
If you're using  <cffileupload>, it supports limiting the file types and sizes via flash. However, you should still re-validate on the server as you're doing now for security reasons.  Never trust client side validation.

http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec18238-7fd0.html

<cffileupload
    extensionfilter = "none|jpg,jpeg,png"
    maxuploadsize = "file size in mega bytes" ....>
0
 
billfusionCommented:
To get file information from the client before it is uploaded to your CF server, you may need an upload client side plug in.  We've done this in the long past with an ActiveX controller that ran on the client's device when they select a file to upload.
0
 
overcolorAuthor Commented:
@Billfusion can you give me an example?

@Agx I was trying to do this without cffileupload for non-flash browser, but please let me know if I'm doing this wrong??
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
_agx_Commented:
I was trying to do this without cffileupload for non-flash browser,

Ok. But you can't do this on the client side using plain html alone.  As Billfusion said you need some sort of plugin like ActiveX or a java applet, Flash, etc...  Not every browser supports them, and they can all be disabled.  So with any of those options you risk excluding a portion of your users.  So if you really want a client side filter too - then it's a matter of choosing the lesser of the evils.

But keep in mind the client side plugin is for a smoother user experience. For good security you must still validate on the server side too.
0
 
Gurpreet Singh RandhawaWeb DeveloperCommented:
Well here is one way you can do it!


<cfif VAL(CGI.CONTENT_LENGTH) GT 50000>
<cfset msg = 'File Too Large'>
<cfelse>
Upload Code goes here
</cfif>


0
 
_agx_Commented:
Yeah, but they're already doing that in the original post. The question was how to do something similar on the client side.
0
 
Gurpreet Singh RandhawaWeb DeveloperCommented:
Ok, There is a Threaded Discussion @ bennadel post

Check out! the same thing you are trying, i think java is the solution they found, check the comments out

http://www.bennadel.com/blog/670-Ask-Ben-Limit-File-Upload-Size-In-ColdFusion.htm
0
 
Gurpreet Singh RandhawaWeb DeveloperCommented:
0
 
_agx_Commented:
@myselfrandhawa - I think you're misunderstanding :)  Those all discuss validating on the server side after the file is already uploaded.  The asker was inquiring about filtering on the client side, before the file submitted to the server.
0
 
overcolorAuthor Commented:
Maybe the best thing to do is to let the file go into a temp folder then, check it there, if it is not correct then throw a error using <CFABORT>..???
0
 
Gurpreet Singh RandhawaWeb DeveloperCommented:
Hi @agx, If you read the comments of the blog posts, they are already discussing how to detect the length of file before upload, one has discusssed a way using java but i do not his name in comments!

0
 
Gurpreet Singh RandhawaWeb DeveloperCommented:
Well! There is one other way using javascript! but i think that works in Internet Explorer only using some file system object but i did it long before and now i do not remember where i have placed it, if found, i will place the code here
0
 
_agx_Commented:
@overcolor - You can certainly do both: validate on the client and server side.  For the server side, as you said - run your checks and if the file fails (too big, wrong type, etc...) just delete it and display an error message.
0
 
_agx_Commented:
To be clear, <cffile action="upload"..> is something of a misnomer. It doesn't actually upload a file. The file is already on your server.  All <cffile action="upload"..> does is move the uploaded file from CF's temp directory whatever destination directory you supply.  So go ahead and use it. Then check the file details afterwards. If it doesn't meet your requirements, just delete it.
0
 
Gurpreet Singh RandhawaWeb DeveloperCommented:
@ overcolor, @agx, Yes that will be Pretty Straight Forward Method for Checking,


0
All Courses

From novice to tech pro — start learning today.