2

I'm trying to limit my upload to only upload file extensions with a pdf. I've previously got the upload working but with any extension using:

$form = $_FILES['form']['name'];
$upload = "forms/$form";
move_uploaded_file($_FILES['form']['tmp_name'],$upload);

I'm now trying to adjust this to only upload pdf, using the following:

if (isset($_FILES['file']))
    $exten = explode( "." , $_FILES['form']['name']);
    $exten = $exten[1];
    $form = $_FILES['form']['name'];
    $upload = "forms/$form";

    if (
        ($exten == "pdf")
    ||  ($exten == "PDF")){
    move_uploaded_file($_FILES['form']['tmp_name'] , $upload);

    }

However, the files are not uploading to the directory anymore, plus it accepts any extension. It is entering the filename within my database. I followed a tutorial for this but I'm not sure where I've gone wrong.

4
  • This approach would give you a false sense of success for names like, for example, somefile.pdf.ugly. Commented Dec 7, 2016 at 11:48
  • 1
    In general it is questionable whether such a check makes any sense. A "file name extension" is something that can be set arbitrarily. It is a leftover from an era long gone. If you want to limit file types, then check the file type, not the file name extension. Commented Dec 7, 2016 at 11:49
  • Why isset($_FILES['file'])? Commented Dec 7, 2016 at 11:51
  • @arkascha thanks for pointing that one out, just noticed I'd named it wrong Commented Dec 7, 2016 at 12:03

2 Answers

1

To get the file extension, try pathinfo with the PATHINFO_EXTENSION parameter; it will save you time.

You should also use the strtolower function to make the comparison because, for example, .PdF/.PDf extensions will be unexpectedly rejected by the condition you wrote.

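// Test the same field that is read below ('form', not 'file')
if (isset($_FILES['form'])) {
    // pathinfo() returns the part after the last dot of the client-supplied name
    $exten = pathinfo($_FILES['form']['name'], PATHINFO_EXTENSION);
    $form = $_FILES['form']['name'];
    $upload = "forms/$form";

    // Case-insensitive comparison so .PDF, .Pdf, etc. are accepted
    if (strtolower($exten) == 'pdf') {
        move_uploaded_file($_FILES['form']['tmp_name'], $upload);
    }
}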

PS: did you miss the brackets after the isset function, or is it just a copy-paste issue?


3 Comments

Thanks, it doesn't upload the files to the directory if not pdf, but still writes the filename to the database. But I'm halfway there, so thank you
Try using a static path, just to check if yours is a permission issue or a path issue
I mean for like a .php file - it doesn't get uploaded which is correct but it still writes hello.php within the database column
1

You can check file type this way:

if ($_FILES['form']['type'] == 'application/pdf') {
    move_uploaded_file($_FILES['form']['tmp_name'] , $_FILES['form']['name']);
}

$_FILES['form']['type'] contains the MIME type of the uploaded file

http://php.net/manual/en/features.file-upload.post-method.php
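
A combined server-side check, as an added example that is not part of the original question or answers: it tests the extension with pathinfo, detects the content type from the file's bytes with the fileinfo extension, stores the file under a generated name, and returns that name so the database write can be skipped for rejected uploads. The function name store_pdf_upload() is hypothetical, and PHP 7.1+ with fileinfo enabled is assumed.

```php
<?php
// Added example: returns the stored file name on success, or null if rejected.
// The 'form' field and 'forms' directory come from the question;
// store_pdf_upload() is a hypothetical name.
function store_pdf_upload(array $file, string $dir = 'forms'): ?string
{
    // Reject failed or partial uploads before looking at anything else.
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return null;
    }
    // Must be a file PHP itself received via HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // Extension check: pathinfo() uses the last dot, so "a.pdf.ugly" gives "ugly".
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if ($ext !== 'pdf') {
        return null;
    }
    // Content check: detect the type from the file's bytes on the server.
    // $file['type'] is sent by the client, so it is not consulted here.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== 'application/pdf') {
        return null;
    }
    // Store under a server-generated name rather than the client-supplied one.
    $stored = bin2hex(random_bytes(16)) . '.pdf';
    if (!move_uploaded_file($file['tmp_name'], $dir . '/' . $stored)) {
        return null;
    }
    return $stored;
}

if (isset($_FILES['form'])) {
    $stored = store_pdf_upload($_FILES['form']);
    if ($stored !== null) {
        // Only at this point record $stored in the database
        // (the INSERT itself is not shown on the page).
        echo "Stored as $stored";
    } else {
        http_response_code(400);
        echo 'Only PDF files are accepted.';
    }
}
```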
