Restricting file types to db separately

         

moroose

1:45 am on Jun 21, 2007 (gmt 0)

10+ Year Member



I have a form that uploads images to a directory and other files to a database. I can restrict file types going to the directory, but I am struggling with restricting file types going to the db.
My problem is that I do not have an:

if(move_uploaded_file($_FILES['userfile']['tmp_name'],$path)) {

in the db-specific code.

I'd be grateful if someone can help me insert this code to restrict files from being inserted in db:

$filetypes = array('txt', 'pdf', 'doc', 'rtf', 'zip');
// Measure from the LAST dot so that "a.b.txt" yields "txt"
$position = strlen($fileName) - strrpos($fileName, '.');
$ext = substr($fileName, -$position + 1, $position);
// Reject the file when its extension is NOT in the allowed list
if (!in_array(strtolower($ext), $filetypes)) {
    $errmsg = "File format not supported for upload.Only Doc,txt,rtf,pdf,zip please";
    $ok = 0;
}

This is just a simulated snippet of what I have:

<?php
if (isset($_POST['submit']) && $_FILES['userfile']['size'] > 0)
{
    // Details PHP recorded for the uploaded file
    $fileName = $_FILES['userfile']['name'];
    $tmpName  = $_FILES['userfile']['tmp_name'];
    $fileSize = $_FILES['userfile']['size'];
    $fileType = $_FILES['userfile']['type'];

    // Read the whole temporary file in binary mode and escape it for the query
    $fp = fopen($tmpName, 'rb');
    $data = fread($fp, filesize($tmpName));
    $data = addslashes($data);
    fclose($fp);

    if (!get_magic_quotes_gpc())
    {
        $fileName = addslashes($fileName);
    }
    include 'connect.php';

    // Store the file name, size, type and contents in the uploads table
    $query = "INSERT INTO uploads (name, size, type, data ) ".
             "VALUES ('$fileName', '$fileSize', '$fileType', '$data')";
    mysql_query($query) or die('Error, query failed');
    mysql_close($conn);

    echo "<br>File $fileName uploaded<br>";
}
?>

Habtom

7:00 am on Jun 21, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>>but am struggling restricting file types going to db.

Just before you run the INSERT script, isn't it possible to check for the file type, and accordingly save or reject?

Habtom

moroose

6:11 pm on Jun 21, 2007 (gmt 0)

10+ Year Member



Yes, that's what I am doing. However, once on the second page (preview/check page) the upload field no longer retains its value, so basically the user can upload anything anew. I have put restrictions on the checking page as well.

You may ask why I wouldn't just put whatever restriction I have on the first page. Well, because page 1 has no insertion code, so I don't have to deal with upload/insert errors and result echoing, while page 2 does.

The difficulty comes from the fact that I am also restricting images themselves from going to the db, and all other file types from going to the image folder in turn, at the same time.

Because each destination is wrapped in an image-or-not if/else statement, I am implementing restrictions two times (one for images, the other for other file types).
Since images are uploaded to the system only using:
if(move_uploaded_file($_FILES['userfile']['tmp_name'],$path)) {

I have no problem controlling them, but it's a bit difficult handling those going strictly to the db (and only to the db).
Anyone been to this situation before?
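
The check discussed in this thread, placed immediately before the INSERT on the page that performs it, as an added example that is not part of any post above. It keeps the thread's `userfile` field and `uploads` table; the PDO connection details, the `db_upload_type()` helper and the extension-to-MIME map are assumptions made for illustration.

```php
<?php
// Added example: allowlist check for uploads that go to the database only.
// Assumptions: PDO connection details, and the extension => MIME map below
// (finfo results vary with the libmagic version installed).
const DB_TYPES = [
    'txt' => ['text/plain'],
    'pdf' => ['application/pdf'],
    'doc' => ['application/msword', 'application/vnd.ms-office'],
    'rtf' => ['text/rtf', 'application/rtf'],
    'zip' => ['application/zip'],
];

// Returns the detected MIME type, or null when the file must be rejected.
function db_upload_type(string $clientName, string $tmpPath): ?string
{
    // Take the text after the LAST dot, so "report.pdf.php" yields "php".
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(DB_TYPES[$ext])) {
        return null;
    }
    // Detect the type from the file's bytes; $_FILES[...]['type'] is
    // supplied by the browser and cannot be trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    return in_array($mime, DB_TYPES[$ext], true) ? $mime : null;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['userfile'])) {
    $f = $_FILES['userfile'];
    $mime = null;
    if ($f['error'] === UPLOAD_ERR_OK && is_uploaded_file($f['tmp_name'])) {
        $mime = db_upload_type($f['name'], $f['tmp_name']);
    }
    if ($mime === null) {
        http_response_code(400);
        exit('File format not supported for upload. Only doc, txt, rtf, pdf, zip please.');
    }
    // Placeholder DSN and credentials (assumptions).
    $pdo = new PDO('mysql:host=localhost;dbname=example', 'user', 'pass',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    // Bound parameters replace addslashes(); the file goes in as a LOB stream.
    $stmt = $pdo->prepare(
        'INSERT INTO uploads (name, size, type, data) VALUES (?, ?, ?, ?)');
    $fp = fopen($f['tmp_name'], 'rb');
    $stmt->bindValue(1, basename($f['name']));
    $stmt->bindValue(2, filesize($f['tmp_name']), PDO::PARAM_INT);
    $stmt->bindValue(3, $mime);
    $stmt->bindParam(4, $fp, PDO::PARAM_LOB);
    $stmt->execute();
    fclose($fp);
    echo 'File ' . htmlspecialchars(basename($f['name'])) . ' uploaded';
}
```

Because the check runs in the same request as the INSERT, a file re-selected on the preview page is validated again before anything is stored.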