Upload DOC or PDF using PHP

Question

I m able to upload images fine  but when when I change the types from image jpg  image gif to application msword and application pdf  it doesn t work  Here s my code  The exact same code works for images  but for uploading docs and pdf  it outputs  Invalid File   What s going on here  My file is only approx 30kb and is well under the file size limit here    allowedExts   array  pdf    doc    docx      extension   end explode        FILES  file    name       if        FILES  file    type       application msword         FILES  file    type       text pdf       amp  amp     FILES  file    size    lt  20000   amp  amp  in array  extension   allowedExts            move uploaded file   FILES  file    tmp name     upload       FILES  file    name        else   echo  Invalid file

User · Accepted Answer

Don t use the   type   parameter to validate uploads  That field is user-provided  and can be trivially forged  allowing ANY type of file to be uploaded  The same goes for the   name   parameter - that s the name of the file as provided by the user  It is also trivial to forge  so the user s sending nastyvirus exe and calling it cutekittens jpg   The proper method for validating uploads is to use server-side mime-type determination  e g  via fileinfo  plus having proper upload success checking  which you do not   if    FILES  file    error       UPLOAD ERR OK        die  Upload failed with error       FILES  file    error        finfo   finfo open FILEINFO MIME TYPE    mime   finfo file  finfo    FILES  file    tmp name      ok   false  switch   mime       case  image jpeg      case  application pdf     case etc              ok   true     default         die  Unknown not permitted file type      move uploaded file         You are also using the user-provided filename as part of the final destination of the move uploaded files  it is also trivial to embed path data into that filename  which you then blindly use  That means a malicious remote user can scribble on ANY file on your server that they know the path for  plus plant new files

User · Answer

Please add the correct mime-types to your code - at least these ones    jpeg - gt  image jpeg  gif  - gt  image gif  png  - gt  image png   A list of mime-types can be found here   Furthermore  simplify the code s logic and report an error number to help the first level support track down problems    allowedExts   array     pdf       doc       docx        allowedMimeTypes   array      application msword      text pdf      image gif      image jpeg      image png       extension   end explode        FILES  file    name       if   20000  lt    FILES  file    size          die   Please provide a smaller file  E 1          if       in array  extension   allowedExts           die  Please provide another file type  E 2         if   in array    FILES  file    type     allowedMimeTypes               move uploaded file   FILES  file    tmp name     upload       FILES  file    name        else   die  Please provide another file type  E 3

User · Answer

For application msword and application vnd ms-excel  when I deleted the size restriction      FILES  file    size    lt  20000       it worked ok

User · Answer

One of your conditions is failing  Check the value of mime-type for your files  Try using application pdf  not text pdf  Refer to Proper MIME media type for PDF files

User · Answer

You can use     FILES  filename    error      If any type of error occurs then it returns  error  else 1 2 3 4 or 1 if done   1    if file size is over limit      You can find other options by googling

User · Answer

folder    Resume     temp   explode        FILES  uploaded    name      newfilename   round microtime true        end  temp    db path    folder   newfilename      remove the    listtype   array    doc   gt  application msword     docx   gt  application vnd openxmlformats-officedocument wordprocessingml document     rtf   gt  application rtf     pdf   gt  application pdf     if   is uploaded file    FILES  uploaded    tmp name         if  key   array search   FILES  uploaded    type    listtype    if  move uploaded file   FILES  uploaded      tmp name     folder   newfilename     include  connection php     sql   INSERT INTO tb upload  filePath  VALUES    db path         else       echo  File Type Should Be  Docx or  Pdf or  Rtf Or  Doc

User · Answer

lt  php        create table              --     -- Database   mydb      --      -- --------------------------------------------------------      --     -- Table structure for table  tbl user data      --      CREATE TABLE  tbl user data           attachment id  int 11  NOT NULL         attachment  varchar 200  NOT NULL       ENGINE InnoDB DEFAULT CHARSET latin1       --     -- Indexes for dumped tables     --      --     -- Indexes for table  tbl user data      --     ALTER TABLE  tbl user data        ADD PRIMARY KEY   attachment id         --     -- AUTO INCREMENT for dumped tables     --      --     -- AUTO INCREMENT for table  tbl user data      --     ALTER TABLE  tbl user data        MODIFY  attachment id  int 11  NOT NULL AUTO INCREMENT                 servername    localhost        username    root        password              Create connection      dbname    myDB          Create connection      conn   new mysqli  servername   username   password   dbname          Check connection     if   conn- gt connect error            die  Connection failed       conn- gt connect error               if isset   POST  submit              fileName   FILES  resume    name           fileSize   FILES  resume    size   1024         fileType   FILES  resume    type           fileTmpName   FILES  resume    tmp name           statusMsg              random rand 1111 9999          newFileName  random  fileName           file upload path        targetDir    resumeUpload           fileName   basename   FILES  resume    name            targetFilePath    targetDir    newFileName         fileType   pathinfo  targetFilePath PATHINFO EXTENSION          if  empty   FILES  resume    name                   allow certain file formats              allowTypes   array  jpg   png   jpeg   gif   pdf   docx   doc               allowTypes   array  pdf   docx   doc              if in array  fileType   allowTypes                    upload file to server               if move uploaded file   FILES  resume    tmp name     targetFilePath                       statusMsg    The file    fileName    has been uploaded                   else                     statusMsg    Sorry  there was an error uploading your file                               else                 statusMsg    Sorry  only DOC DOCX   amp  PDF files are allowed to upload                       else             statusMsg    Please select a file to upload                     display status message       echo  statusMsg          sql  INSERT INTO  tbl user data    attachment id    attachment   VALUES         NULL     newFileName            if  mysqli query  conn   sql              last id   mysqli insert id  conn            echo  upload success           else             echo  Error       sql     lt br gt     mysqli error  conn                          gt       lt form id  frm upload  action    method  post  enctype  multipart form-data  gt      Upload Resume  lt input type  file  name  resume  id  resume  gt       lt button type  submit  name  submit  gt Apply  Now lt  button gt        lt  form gt          output sample   check here for sample output  1   1

[php] Upload DOC or PDF using PHP

Examples related to php

Examples related to pdf

Examples related to upload

Examples related to doc

Examples related to file-type