1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 10:38 pm May 1, 2026

Forum Moderators: coopster

Message Too Old, No Replies

How to verify: MS XLS is what it is supposed to be

securing uploading to a dir

         

henry0

2:31 pm on Jan 11, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I need to allow a site admin to upload MS XL files
To an xl_dir, then I have a script that performs DB insert by grabbing data from the XL file.

I might be over cautious knowing that only logged user with top admin level will be able to reach that upload area.
(I know how PW are handeled in an office environment!)
Aside verifying the file extension how may I make sure that the file is harmless?
Regex is not an option knowing MS file spaghetti code :)
I looked around but am still clueless

venelin13

6:53 pm on Jan 11, 2008 (gmt 0)

10+ Year Member



While uploading the file, check its type:

$_FILES['my_file']['type']

If you upload an MS Excel file, you should expect the mime type to be "application/vnd.ms-excel" or similar.

henry0

7:10 pm on Jan 11, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Ahhh why didn't I think about the obvious!
going to hide behind my desk for a while :)
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 10:38 pm May 1, 2026