CODEWITHSUNDEEP
php
pao Kiff
pao Kiff

Reputation: 27

PHP - check whether a imported file is a csv or not

Hello there I have a code where I import a csv file to mysql database so far it imports csv it will not import image, video and such but it imports files like SQL and PHP, is there a problem with the code? Any help is appreciated. The code for validating whether its a csv file or not.

$csvMimes = array('text/x-comma-separated-values', 'text/comma-separated-values', 'application/octet-stream', 'application/vnd.ms-excel', 'application/x-csv', 'text/x-csv', 'text/csv', 'application/csv', 'application/excel', 'application/vnd.msexcel', 'text/plain');

Upvotes: 3

Views: 8097

Answers (3)

Rotimi
Rotimi

Reputation: 4825

Use PHP's finfo class. using $_FILES['type']; directly is easily spoofable.

<?php 
$csvMimes = array('text/x-comma-separated-values', 'text/comma-separated-values', 'application/octet-stream', 'application/vnd.ms-excel', 'application/x-csv', 'text/x-csv', 'text/csv', 'application/csv', 'application/excel', 'application/vnd.msexcel', 'text/plain');

if (isset($_FILES['file']['tmp_name'])) {
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime = finfo_file($finfo, $_FILES['file']['tmp_name']);
    echo in_array($mime, $csvMimes) === true ? 'It is a CSV' : 'It is not CSV';
    finfo_close($finfo);
}
?>

Upvotes: 5

Abhishek
Abhishek

Reputation: 1068

The metadeta of file uploaded typically looks like

[name] => MyFile.jpg
[type] => image/jpeg
[tmp_name] => /tmp/php/php6hst32
[error] => UPLOAD_ERR_OK
[size] => 98174

In order to check whether the file type uploaded is what you wanted then you can rely on type attribute.

<?php
$csvMimes = array('text/x-comma-separated-values', 'text/comma-separated-values', 'application/octet-stream', 'application/vnd.ms-excel', 'application/x-csv', 'text/x-csv', 'text/csv', 'application/csv', 'application/excel', 'application/vnd.msexcel', 'text/plain');

if(in_array($_FILES['file']['type'],$csvMimes)){
   echo "File is Allowed";
}else{
   echo "Invalid File";
}

?>

Upvotes: 2

Priya
Priya

Reputation: 1470

Please try like this

$csvMimes = array(
    'text/csv',
    'text/plain',
    'application/csv',
    'text/comma-separated-values',
    'application/excel',
    'application/vnd.ms-excel',
    'application/vnd.msexcel',
    'text/anytext',
    'application/octet-stream',
    'application/txt',
);

if (in_array($_FILES['upload']['type'], $csvMimes)) {
    // your code
}

Upvotes: 0

Related Questions