Solved

Best way to check for file type and size before uploading with Coldfusion?

Posted on 2011-03-17
15
348 Views
Last Modified: 2012-05-11
I want to let people upload files onto my server, but I want the system to check to make sure the file is one of the correct file types(.gif, Jpeg, Bmp) I allow; then to make sure the file is not to big.
I would like the system to check for all this on the same page, can someone help me with this?

You can see the code below of what I'm using now, but this is done on my post page not the form page?
<cftry>
<cffile action="upload" 
 destination="#path#\images\LOGO\" 
  filefield="LOGO"
  nameconflict="overwrite">
  
  
  
  <cfquery datasource="#dn#">
  update Logos 
  set logos = '#Clientfile#'
  where id= #customer.ID# 
    </cfquery>
	
	<cfif cffile.filesize gt 2000>
	<cfthrow type="sizeerror"
	message="File is to big; your file must be smaller than 2.0mb.">
	</cfif>
	
	<cfcatch type="sizeerror">
	<cfabort showerror="#cfcatch.message#">
	
	</cfcatch>
  </cftry>

Open in new window

0
Comment
Question by:overcolor
  • 6
  • 6
  • 2
  • +1
15 Comments
 
LVL 6

Expert Comment

by:billfusion
ID: 35161232
To get file information from the client before it is uploaded to your CF server, you may need an upload client side plug in.  We've done this in the long past with an ActiveX controller that ran on the client's device when they select a file to upload.
0
 
LVL 52

Accepted Solution

by:
_agx_ earned 500 total points
ID: 35161348
If you're using  <cffileupload>, it supports limiting the file types and sizes via flash. However, you should still re-validate on the server as you're doing now for security reasons.  Never trust client side validation.

http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec18238-7fd0.html

<cffileupload
    extensionfilter = "none|jpg,jpeg,png"
    maxuploadsize = "file size in mega bytes" ....>
0
 

Author Comment

by:overcolor
ID: 35161650
@Billfusion can you give me an example?

@Agx I was trying to do this without cffileupload for non-flash browser, but please let me know if I'm doing this wrong??
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 
LVL 52

Expert Comment

by:_agx_
ID: 35162403
I was trying to do this without cffileupload for non-flash browser,

Ok. But you can't do this on the client side using plain html alone.  As Billfusion said you need some sort of plugin like ActiveX or a java applet, Flash, etc...  Not every browser supports them, and they can all be disabled.  So with any of those options you risk excluding a portion of your users.  So if you really want a client side filter too - then it's a matter of choosing the lesser of the evils.

But keep in mind the client side plugin is for a smoother user experience. For good security you must still validate on the server side too.
0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35164453
Well here is one way you can do it!


<cfif VAL(CGI.CONTENT_LENGTH) GT 50000>
<cfset msg = 'File Too Large'>
<cfelse>
Upload Code goes here
</cfif>


0
 
LVL 52

Expert Comment

by:_agx_
ID: 35166703
Yeah, but they're already doing that in the original post. The question was how to do something similar on the client side.
0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35170259
Ok, There is a Threaded Discussion @ bennadel post

Check out! the same thing you are trying, i think java is the solution they found, check the comments out

http://www.bennadel.com/blog/670-Ask-Ben-Limit-File-Upload-Size-In-ColdFusion.htm
0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35170263
0
 
LVL 52

Expert Comment

by:_agx_
ID: 35173096
@myselfrandhawa - I think you're misunderstanding :)  Those all discuss validating on the server side after the file is already uploaded.  The asker was inquiring about filtering on the client side, before the file submitted to the server.
0
 

Author Comment

by:overcolor
ID: 35174123
Maybe the best thing to do is to let the file go into a temp folder then, check it there, if it is not correct then throw a error using <CFABORT>..???
0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35174314
Hi @agx, If you read the comments of the blog posts, they are already discussing how to detect the length of file before upload, one has discusssed a way using java but i do not his name in comments!

0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35174320
Well! There is one other way using javascript! but i think that works in Internet Explorer only using some file system object but i did it long before and now i do not remember where i have placed it, if found, i will place the code here
0
 
LVL 52

Expert Comment

by:_agx_
ID: 35177299
@overcolor - You can certainly do both: validate on the client and server side.  For the server side, as you said - run your checks and if the file fails (too big, wrong type, etc...) just delete it and display an error message.
0
 
LVL 52

Expert Comment

by:_agx_
ID: 35177832
To be clear, <cffile action="upload"..> is something of a misnomer. It doesn't actually upload a file. The file is already on your server.  All <cffile action="upload"..> does is move the uploaded file from CF's temp directory whatever destination directory you supply.  So go ahead and use it. Then check the file details afterwards. If it doesn't meet your requirements, just delete it.
0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 35178007
@ overcolor, @agx, Yes that will be Pretty Straight Forward Method for Checking,


0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will show you how to provide a dynamic RTF document on your website generated with data from your database. For this tutorial you will need Microsoft Word or WordPad, WhizBase and Microsoft Access. In this tutorial I will show …
Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question