Document Upload File Type Validation

I’ve got a form that uploads a document to the database. I need to check the file extension to make sure it is a valid file type. By default the upload doc field on the form will allow any kind of file to be uploaded.

Can anyone give me some ideas about how to do this in scriptcase?

Re: Document Upload File Type Validation

Hello,

You could create a function that would run on the onBeforeInsert/Update event. This function would use PHP's explode on the File Name (splitting the string by “.”), to compare the last array element returned with the file extensions that should be accepted. If the file should not be accepted, then you could use sc_error_message to forbid any invalid insert/update.

regards,
Bernhard Bernsmann

Re: Document Upload File Type Validation

Thanks for the help Bartho.

Tried that, but the file seems to upload anyway. Which field in the form should I check?

Here is the problem.

If I am inserting this into the database (BLOB), the file upload field does an automatic AJAX process when I browse for the file to upload. The field blinks for a second then is blank. During this process SC appears to be extracting the filename and file size, because SC requires file name and file size fields in the DB. I created these and SC automatically extracts the file name and file size from the file upload field and writes them to the DB like this:

id|document(BLOB)|filename(file name)|filesize

Here is what I tried and it didn’t work.


$whitelist = array('jpg', 'png', 'gif', 'jpeg', 'doc', 'pdf'); #example of white list
if(!in_array(end(explode('.', {document})), $whitelist))
{
    echo 'Invalid file type';
    exit(0);
}

Re: Document Upload File Type Validation

BTW, validation of file upload type for uploading files should be a standard feature of Scriptcase.

I would like to have the ability to select / enter allowed file types for upload fields in all applications. Leaving it open to upload any type of file is a huge security risk.

Re: Document Upload File Type Validation

rickallen,

Your code is correct, except for the {document} on your IF statement. Here is how it should be.

if(!in_array(end(explode('.', {filename})), $whitelist))
{
    echo 'Invalid file type';
    // Reject the insert/update and report the error to the form
    sc_error_message("Invalid file type");
}

regards,
Bernhard Bernsmann
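
The extension check discussed in this thread, as an added example that is not part of the original posts or Scriptcase's own code: it goes beyond the thread by comparing the extension case-insensitively and also checking that the file's bytes match the claimed type, since the file name is supplied by the client. The function name `upload_type_error`, the MIME lists, and the idea that `{document}` holds the raw bytes in the event are assumptions; it needs PHP's fileinfo extension.

```php
<?php
// Added example. Each accepted extension maps to the MIME types its bytes may
// sniff as; the .doc values are assumptions and vary by libmagic version.
const ALLOWED_TYPES = [
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'png'  => ['image/png'],
    'gif'  => ['image/gif'],
    'pdf'  => ['application/pdf'],
    'doc'  => ['application/msword', 'application/CDFV2', 'application/x-ole-storage'],
];

// Returns null when the upload is acceptable, otherwise an error message.
// $filename is the client-supplied name, $content the raw file bytes.
function upload_type_error(string $filename, string $content): ?string
{
    // NUL bytes and path separators have no place in an upload name.
    if ($filename === '' || preg_match('/[\x00\/\\\\]/', $filename)) {
        return 'Invalid file name';
    }
    // Only the last extension counts, compared case-insensitively;
    // a name without a dot yields '' and is rejected.
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        return 'Invalid file type';
    }
    // The extension is chosen by the client, so check the bytes as well.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($content);
    if ($mime === false || !in_array($mime, ALLOWED_TYPES[$ext], true)) {
        return 'File content does not match its extension';
    }
    return null;
}

// Hypothetical use in a Scriptcase onBeforeInsert/onBeforeUpdate event, assuming
// {document} holds the raw bytes at that point:
//   $err = upload_type_error({filename}, {document});
//   if ($err !== null) { sc_error_message($err); }

// Constructed samples: a PDF header with an upper-case extension, PHP source
// named like an image, and an extension that is not on the list.
$samples = [
    ['report.PDF', "%PDF-1.4\n%constructed sample\n"],
    ['avatar.php.jpg', "<?php echo 'x'; ?>"],
    ['notes.exe', "MZ"],
];
foreach ($samples as [$name, $bytes]) {
    printf("%-16s %s\n", $name, upload_type_error($name, $bytes) ?? 'accepted');
}
```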