?
Solved

Best way to check for file type and size before uploading with Coldfusion?

Posted on 2011-03-17
15
Medium Priority
?
406 Views
Last Modified: 2012-05-11
I want to let people upload files onto my server, but I want the system to check to make sure the file is one of the correct file types(.gif, Jpeg, Bmp) I allow; then to make sure the file is not to big.
I would like the system to check for all this on the same page, can someone help me with this?

You can see the code below of what I'm using now, but this is done on my post page not the form page?
<cftry>
<cffile action="upload" 
 destination="#path#\images\LOGO\" 
  filefield="LOGO"
  nameconflict="overwrite">
  
  
  
  <cfquery datasource="#dn#">
  update Logos 
  set logos = '#Clientfile#'
  where id= #customer.ID# 
    </cfquery>
	
	<cfif cffile.filesize gt 2000>
	<cfthrow type="sizeerror"
	message="File is to big; your file must be smaller than 2.0mb.">
	</cfif>
	
	<cfcatch type="sizeerror">
	<cfabort showerror="#cfcatch.message#">
	
	</cfcatch>
  </cftry>

Open in new window

0
Comment
Question by:overcolor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
  • 2
  • +1
15 Comments
 
LVL 6

Expert Comment

by:billfusion
ID: 35161232
To get file information from the client before it is uploaded to your CF server, you may need an upload client side plug in.  We've done this in the long past with an ActiveX controller that ran on the client's device when they select a file to upload.
0
 
LVL 52

Accepted Solution

by:
_agx_ earned 2000 total points
ID: 35161348
If you're using  <cffileupload>, it supports limiting the file types and sizes via flash. However, you should still re-validate on the server as you're doing now for security reasons.  Never trust client side validation.

http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec18238-7fd0.html

<cffileupload
    extensionfilter = "none|jpg,jpeg,png"
    maxuploadsize = "file size in mega bytes" ....>
0
 

Author Comment

by:overcolor
ID: 35161650
@Billfusion can you give me an example?

@Agx I was trying to do this without cffileupload for non-flash browser, but please let me know if I'm doing this wrong??
0
How to Create Failover DNS Record Sets in Route 53

Route 53 has the ability to easily configure DNS record sets specifically for failover scenarios. These failover record sets can be configured to failover to full-blown deployments in other regions or to a static HTML page that informs your customers of the issue.

 
LVL 52

Expert Comment

by:_agx_
ID: 35162403
I was trying to do this without cffileupload for non-flash browser,

Ok. But you can't do this on the client side using plain html alone.  As Billfusion said you need some sort of plugin like ActiveX or a java applet, Flash, etc...  Not every browser supports them, and they can all be disabled.  So with any of those options you risk excluding a portion of your users.  So if you really want a client side filter too - then it's a matter of choosing the lesser of the evils.

But keep in mind the client side plugin is for a smoother user experience. For good security you must still validate on the server side too.
0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35164453
Well here is one way you can do it!


<cfif VAL(CGI.CONTENT_LENGTH) GT 50000>
<cfset msg = 'File Too Large'>
<cfelse>
Upload Code goes here
</cfif>


0
 
LVL 52

Expert Comment

by:_agx_
ID: 35166703
Yeah, but they're already doing that in the original post. The question was how to do something similar on the client side.
0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35170259
Ok, There is a Threaded Discussion @ bennadel post

Check out! the same thing you are trying, i think java is the solution they found, check the comments out

http://www.bennadel.com/blog/670-Ask-Ben-Limit-File-Upload-Size-In-ColdFusion.htm
0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35170263
0
 
LVL 52

Expert Comment

by:_agx_
ID: 35173096
@myselfrandhawa - I think you're misunderstanding :)  Those all discuss validating on the server side after the file is already uploaded.  The asker was inquiring about filtering on the client side, before the file submitted to the server.
0
 

Author Comment

by:overcolor
ID: 35174123
Maybe the best thing to do is to let the file go into a temp folder then, check it there, if it is not correct then throw a error using <CFABORT>..???
0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35174314
Hi @agx, If you read the comments of the blog posts, they are already discussing how to detect the length of file before upload, one has discusssed a way using java but i do not his name in comments!

0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35174320
Well! There is one other way using javascript! but i think that works in Internet Explorer only using some file system object but i did it long before and now i do not remember where i have placed it, if found, i will place the code here
0
 
LVL 52

Expert Comment

by:_agx_
ID: 35177299
@overcolor - You can certainly do both: validate on the client and server side.  For the server side, as you said - run your checks and if the file fails (too big, wrong type, etc...) just delete it and display an error message.
0
 
LVL 52

Expert Comment

by:_agx_
ID: 35177832
To be clear, <cffile action="upload"..> is something of a misnomer. It doesn't actually upload a file. The file is already on your server.  All <cffile action="upload"..> does is move the uploaded file from CF's temp directory whatever destination directory you supply.  So go ahead and use it. Then check the file details afterwards. If it doesn't meet your requirements, just delete it.
0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35178007
@ overcolor, @agx, Yes that will be Pretty Straight Forward Method for Checking,


0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes databases have MILLIONS of records and we need a way to quickly query that table to return the results me need. Sure you could use CFQUERY but it takes too long when there are millions of records. That is why SOLR was invented. Please …
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
Learn the basics of if, else, and elif statements in Python 2.7. Use "if" statements to test a specified condition.: The structure of an if statement is as follows: (CODE) Use "else" statements to allow the execution of an alternative, if the …
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question