How to limit extensions that can be saved? (PHP)

Question

How to limit extensions that can be saved? (PHP)

Asked 5 years, 6 months ago

Viewed 125 times

0

Hi, I was able to run the code and save the file, but I want you to save only images. Without the filter it saves any type of file. How could I make only jpg, jpeg and png extensions be saved? Below Cod.

<form action="proc_artigos.php" method="post" enctype="multipart/form-data">
        <div class="form-group"> 
            <label for="">Título</label>
            <input class="form-control" type="text" name="titulo" required>
        </div>

        <div class="form-group">
            <label for="">Imagem</label>
            <input type="file" name="imgUpload">
        </div>

        <div class="form-group">      
            <label for="">Conteúdo</label>
            <textarea class="form-control" type="text" name="texto" rows="30" required ></textarea>
            </div>
                <input name="send" class="btn btn-primary btn-block" type="submit" value="Salvar">                      
       </form>

Php file:

if ($_SERVER["REQUEST_METHOD"] === "POST") {

$file = $_FILES["imgUpload"];

if ($file["error"]) {
    throw new Exception("Error: " . $file["error"]);
}

$dirUploads = "uploads";

if (!is_dir($dirUploads)) {
    mkdir($dirUploads);
}

if (move_uploaded_file($file["tmp_name"], $dirUploads . DIRECTORY_SEPARATOR . $file["name"])) {

} else {
    throw new Exception("Não foi possível salvar o arquivo.");

  }
}

Thank you! Note: The rest is working, I just want to limit the file extensions that can be saved.

3 answers

Browser other questions tagged php

You are not signed in. Login or sign up in order to post.

by Vinicius De Jesus • **686** points · Answer 1 · 2018-12-17T18:15:55+00:00

For the Front-end you can use:

 <input type="file" accept="image/*">

or

 <input type="file" accept=".png, .jpg, .jpeg">

and By the Back-end:

<?php
$arquivo = "imagem.exe";
$imagem = ".jpg";
$video = ".mp4";
$virus = ".exe";

if (substr($arquivo, -4) === $imagem) {
    echo "É imagem";
}elseif (substr($arquivo, -4) == $video) {
    echo "É vídeo";
}elseif (substr($arquivo, -4) == $virus) {
    echo "É virus";
}else{
    echo "Não sei! :-/";
}

?>

by Jasar Orion • **1,052** points · Answer 2 · 2018-12-17T17:39:38+00:00

you do as follows at the beginning of the page add:

ini_set('gd.jpeg_ignore_warning', 1);

this does not display a Warning when the image is corrupted or the file type not identified.

So validate:

if ((exif_imagetype($ImagePathAndName) == IMAGETYPE_JPEG) && (imagecreatefromjpeg( $ImagePathAndName ) !== false ))
{
echo 'è um jpg<br>';
}

by Andrei Coelho • **6,196** points · Answer 3 · 2018-12-17T18:43:07+00:00

From what I noticed you want to analyze an IMAGE. Soon, you can use the getimagesize() to know if it is really an image. For it will return false if it is any other file. Then you can implement the extensions that can be used:

if(($testeImage = getimagesize($file["tmp_name"])) != false){

    $exts = ["image/gif", "image/jpeg", "image/png", "image/bmp"];

    if(in_array($testeImage['mime'], $exts)){
        echo "imagem válida";
    }
}

In my opinion this is a safer solution.