[英]PHP upload MIME type restrictions
I have a file upload system in a site which allows upload of .doc, .docs and .pdf files. 我在一个站点中有一个文件上传系统,该系统允许上传.doc,.docs和.pdf文件。 Currently the PHP script allows upload of any file type.
当前,PHP脚本允许上传任何文件类型。 I would like to restrict it to only allow uploading of genuine PDF DOC and DOCX files.
我想将其限制为仅允许上传真正的PDF DOC和DOCX文件。 I have read that this is best done via checking the MIME type / headers of the file - but cant seem to find an agreed best solution to do this anywhere.
我已经读到,最好通过检查文件的MIME类型/标头来完成此操作-但似乎无法找到商定的最佳解决方案来在任何地方执行此操作。
Any tips on the best way to achieve this? 关于实现此目标的最佳方法的任何提示?
Current upload PHP is: 当前上传的PHP是:
$meta = $dropbox->UploadFile($_FILES["fileInputFieldName"]["tmp_name"], $upload_name);
Appreciate any tips on how to integrate this into the suggestions please. 请欣赏有关如何将其整合到建议中的任何提示。
Why dont you try the below code 你为什么不尝试下面的代码
$sys = mime_content_type($_FILES["fileToUpload"]["tmp_name"]);
if($sys == 'application/x-zip' || $sys == 'application/msword'){
echo ' allowed';
}else{
echo 'not allowed';
}
I used this in the end for those interested: 最后,我对有兴趣的人使用了此功能:
$allowedExts = array(
"pdf",
"doc",
"docx"
);
$allowedMimeTypes = array(
'application/msword',
'application/pdf',
'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
'application/x-pdf',
'application/vnd.pdf',
'text/pdf'
);
$extension = end(explode(".", $_FILES["file"]["name"]));
if ( ! ( in_array($extension, $allowedExts ) ) ) {
die('Please provide another file type [E/2].');
}
if ( in_array( $_FILES["file"]["type"], $allowedMimeTypes ) )
{
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);
}
else
{
die('Please provide another file type [E/3].');
}
that is how i restrict extension for image, you can apply this for doc and other files you want..
"i converted $_FILES to $file"
if ($file['profile_pic']['error'] == 0) {
// echo 'hello';
$fileName = strtolower($file['profile_pic']['name']);
$fileType = $file['profile_pic']['type'];
$tempName = $file['profile_pic']['tmp_name'];
$fileSize = $file['profile_pic']['size'];
$fileExtArray = array('image/jpeg', 'image/jpg', 'image/png', 'image/gif', 'public.jpeg');
$random_no = mt_rand() * 64;
$uploaddir = '../../Application/img/';
$file_name = $random_no . "_profile_" . $_FILES['profile_pic']['name'];
$image = $uploaddir . basename($file_name);
if (in_array($fileType, $fileExtArray))
move_uploaded_file($_FILES['profile_pic']['tmp_name'], $image);
}
$allowedExts = array("bmp", "gif", "jpg","png","jpeg");
$RandomNum = rand(0, 9999);
$ImageName = str_replace(' ','-',strtolower($_FILES['uploadedimage']['name']));
$ImageType = $_FILES['uploadedimage']['type']; //"document/txt", document/doc etc.
$ImageExt = substr($ImageName, strrpos($ImageName, '.'));
$ImageExt = str_replace('.','',$ImageExt);
if (!empty($_FILES["uploadedimage"]["name"]))
{
if(!in_array($ImageExt, $allowedExts))
{
$message.="<span class='error-message'>Invalid file format of image, only <b>'bmp', 'gif', 'jpg','png','jpeg'</b> allowed.</span><br>";
}
}
if(isset($message) && $message=='')
{
//image
$temp_name=$_FILES["uploadedimage"]["tmp_name"];
$imagename=time().'-'.$ImageName;
$target_path = "../profile-images/".$imagename;
$_SESSION['message']=$message;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.