I'm working on a project that requires a user to upload a simple CSV file and I want to check as far as possible that the file uploaded is what's expected. In Firefox, this is easy, cos a CSV uploads with type 'text/comma-separated-values' so that's a nice part of the testing, but in IE, the type is 'application/octet-stream' which, as far as I can tell, is the default for anything it doesn't recognise and includes 'exes'. I can of course test for it being this type (as opposed to, say, application/x-javascript) but that's not really doing much. What's the best way (or ways) to check that an uploaded file is a CSV? Jon
I think we must force user to use the extension .csv. First check the extension .csv in the uploaded file and check the file content. Otherwise, your system should reject the file. When creating upload form, we can also filter what file extension being uploaded. In this situation, it will ensure that only .csv that can be uploaded.
Any unrecognized file format will be treated as 'application/octet-stream' Better is read the very first line of the file using fgetcsv function, if it returns an array well and good otherwise it returns FALSE. I hope it helps.
Thanks for the replies. I think that's pretty much what I'm already doing. I'm checking for 'csv' as an extension, and then checking that it's comma separated and that it contains the right number of fields and that a selection of those fields are expected value types (e.g. numeric) so I think that'll do. It's a secure system, not public anyway so the risk is smaller than being public facing. Jon
create this page as upload.php. The code below forces the filename to be saved as whatever you want... everytime <?php $filename = $_FILES['userfile']['name']; $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); $upload_path = 'uploadpath/'.$folder.'/files/nameoffile.csv'; if($ext == '.csv' || $ext == '.CSV') { if(move_uploaded_file($_FILES['userfile']['tmp_name'],$upload_path)); $msg = ('.csv file upload successful!'); } else if($ext = '.csv' || $ext = '.CSV') { $msg = ('.csv file upload failed! File is not .csv format!'); } } echo '<form action="upload.php" method="post">Upload csv file<br/><input type="file" name="userfile" SIZE="25"><INPUT TYPE="SUBMIT" VALUE="Upload File"></form> ?> PHP: Hope this helps works perfect for me!
This is a bad way for checking the file extension, and it would not work properly if the filename had more than one periods. Do it this way instead: $ext = strpos($filename, '.') === false ? 'none' : end(explode('.', $filename)); PHP: ... and instead of this, I suggest you convert the extension to lowercase, and use just one check, which would work in any case. (Even .CsV, cSV, etc...). ... I don't get this line. You realize that the assignment of a variable always returns the value you assign to it? $result = $ext = '.csv'; // returns '.csv' ('.csv == true) $result = $ext = 0; // returns 0 (0 == false) PHP: ... so both of your checks would always (in any case) return true. But regardless, I think this check is pretty redundant. You've already checked a few lines above if it's a cvs extension, so you could just use a simple "else" instead of an "else if".
No point in making it more difficult than it needs to be. PHP has a built in function for parsing a file's 'parts': $pathParts = pathinfo('/path/to/my/file/file.php'); echo $pathParts['dirname']; // /path/to/my/file echo $pathParts['basename']; // file echo $pathParts['extension']; // php PHP: