views:

263

answers:

9

I am using PHP for a website. I have to get users upload their pics. Now, the pics can be in jpeg or png or gif format. My problem is that i identify a user by a unique userid, so I want to save the pics as: userid.jpg or userid.png etc. Now, how do i find out the extension of the file selected by the user using php?

+1  A: 

$filename = "harbl.jpg";
$fileinfo = pathinfo($filename);
echo($fileinfo['extension']);           // prints "jpg"
mgroves
+1  A: 

Assuming you have

<input type="file" name="foo">

You can do

$info = pathinfo($_FILES['foo']['name']);
$extension = $info['extension'];
Greg
+1  A: 
array_pop(explode(".", $_FILES["image"]["name"]))

or

pathinfo($_FILES["image"]["name"], PATHINFO_EXTENSION)
Erlend
+5  A: 

I wouldn't rely on the file extension provided by the visitor. Instead, ask the file itself what it is (this can still be spoofed, but its less likely; also you don't have to wonder if the extension is 3 or 4 characters (jpeg, jpg for example)). Try:

if ($_FILES['avatar']['type'] == "image/gif")
if ($_FILES['avatar']['type'] == "image/jpeg")
if ($_FILES['avatar']['type'] == "image/png")

They're much more reliable.

Gav
No! Be very careful doing this. Make sure the extension is of a relevant type (gif/jpg/png) as well, and not something possibly executable (like .php).
Noon Silk
I agree, actually retrospectively, I'd check both.
Gav
+5  A: 

Instead of relying on the extension sent by the client, you can also determine the type of the file, using fileinfo (PHP >= 5.3), or if you're using an older version of PHP, something like mime_content_type

Once you have the mime-type of the file, it's just a matter of mapping (like 'image/png' => 'png')

(Should actually be better for security reasons ; if I remember correctly, $_FILES['...']['type'] is sent by the client, and can be faked)

Pascal MARTIN
+1  A: 

If you're running a nicely updated server with PHP 5.3, you should look into the new File Information extension. It'll look at the files themselves and try to determine the mime type, from which you can get the extension. This is more reliable than looking at the extension or mime type as provided by the browser, as both of these can be faked.

An ideal solution could use a combination of all of these methods for maximum effectiveness.

Shep
A: 

I've used Array in application that I've build recently. And it works very well.

$file_type = array('image/gif'   => 'gif', 
                   'image/jpeg'  => 'jpg',
                'image/pjpeg' => 'jpg',
                   'image/bmp'   => 'jpg',
                   'image/png'   => 'png');

if(array_key_exists(($_FILES['file_upload']['type']), $file_type){
    Your Function

}
dd
A: 
$extension = end(explode(".",$_FILES['foo']['name']));
Lasiaf
A: 

Hai

          You can check the image type easily in php.For example, you may have

          <input type="file" name="image">


          $img_name=$_FILES["image"]["name"];                 //name of the image
          $img_tmpname=$_FILES["image"]["tmp_name"];         //temporary name

          $len=strlen($img_name);                           //length of image name
          $dot=strpos($img_name,".");                      //finding position of .
          $type=substr($img_name,$dot,$len);      //finding string from . to end of string.

          Then use if statement and check the file

if($type=='.gif'||$type=='.jpg'||$type=='.jpeg'||$type=='.png'||$type=='.GIF'||$type=='.JPG'||$type=='.PNG'||$type=='.JPEG') {

//your code............. }