Best way to check for file type and size before uploading with Coldfusion?

I want to let people upload files onto my server, but I want the system to check to make sure the file is one of the correct file types(.gif, Jpeg, Bmp) I allow; then to make sure the file is not to big.
I would like the system to check for all this on the same page, can someone help me with this?

You can see the code below of what I'm using now, but this is done on my post page not the form page?
<cffile action="upload" 
  <cfquery datasource="#dn#">
  update Logos 
  set logos = '#Clientfile#'
  where id= #customer.ID# 
	<cfif cffile.filesize gt 2000>
	<cfthrow type="sizeerror"
	message="File is to big; your file must be smaller than 2.0mb.">
	<cfcatch type="sizeerror">
	<cfabort showerror="#cfcatch.message#">

Open in new window

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

To get file information from the client before it is uploaded to your CF server, you may need an upload client side plug in.  We've done this in the long past with an ActiveX controller that ran on the client's device when they select a file to upload.
If you're using  <cffileupload>, it supports limiting the file types and sizes via flash. However, you should still re-validate on the server as you're doing now for security reasons.  Never trust client side validation.

    extensionfilter = "none|jpg,jpeg,png"
    maxuploadsize = "file size in mega bytes" ....>

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
overcolorAuthor Commented:
@Billfusion can you give me an example?

@Agx I was trying to do this without cffileupload for non-flash browser, but please let me know if I'm doing this wrong??
Why Diversity in Tech Matters

Kesha Williams, certified professional and software developer, explores the imbalance of diversity in the world of technology -- especially when it comes to hiring women. She showcases ways she's making a difference through the Colors of STEM program.

I was trying to do this without cffileupload for non-flash browser,

Ok. But you can't do this on the client side using plain html alone.  As Billfusion said you need some sort of plugin like ActiveX or a java applet, Flash, etc...  Not every browser supports them, and they can all be disabled.  So with any of those options you risk excluding a portion of your users.  So if you really want a client side filter too - then it's a matter of choosing the lesser of the evils.

But keep in mind the client side plugin is for a smoother user experience. For good security you must still validate on the server side too.
Gurpreet Singh RandhawaCEOCommented:
Well here is one way you can do it!

<cfset msg = 'File Too Large'>
Upload Code goes here

Yeah, but they're already doing that in the original post. The question was how to do something similar on the client side.
Gurpreet Singh RandhawaCEOCommented:
Ok, There is a Threaded Discussion @ bennadel post

Check out! the same thing you are trying, i think java is the solution they found, check the comments out
Gurpreet Singh RandhawaCEOCommented:
@myselfrandhawa - I think you're misunderstanding :)  Those all discuss validating on the server side after the file is already uploaded.  The asker was inquiring about filtering on the client side, before the file submitted to the server.
overcolorAuthor Commented:
Maybe the best thing to do is to let the file go into a temp folder then, check it there, if it is not correct then throw a error using <CFABORT>..???
Gurpreet Singh RandhawaCEOCommented:
Hi @agx, If you read the comments of the blog posts, they are already discussing how to detect the length of file before upload, one has discusssed a way using java but i do not his name in comments!

Gurpreet Singh RandhawaCEOCommented:
Well! There is one other way using javascript! but i think that works in Internet Explorer only using some file system object but i did it long before and now i do not remember where i have placed it, if found, i will place the code here
@overcolor - You can certainly do both: validate on the client and server side.  For the server side, as you said - run your checks and if the file fails (too big, wrong type, etc...) just delete it and display an error message.
To be clear, <cffile action="upload"..> is something of a misnomer. It doesn't actually upload a file. The file is already on your server.  All <cffile action="upload"..> does is move the uploaded file from CF's temp directory whatever destination directory you supply.  So go ahead and use it. Then check the file details afterwards. If it doesn't meet your requirements, just delete it.
Gurpreet Singh RandhawaCEOCommented:
@ overcolor, @agx, Yes that will be Pretty Straight Forward Method for Checking,

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Scripting Languages

From novice to tech pro — start learning today.