正确的方法来开始文件上传的服务器端验证
What is the right way to begin validation for data sent by a multipart/form form. I'll be receiving a file and 1 text identifier from a hidden field.
I'm not asking how to check for file type and size and all else. I can do that. What I'm asking is: in a normal form I do this:
<?php
If ($_POST)
{
if (isset($_POST['myField]) && $_POST['myField'] == 1)
{
//Proceed
}else{
echo 'Error';
}
}
else
{
echo 'Some Error';
}
?>
What is the best way to do this when it comes to multipart/form data.
You'd want to use filter_input in a vanilla PHP setup...
Something like this if you want to check that your text field contains an integer...
$textInput = filter_input(INPUT_POST, 'myField', FILTER_VALIDATE_INT)
For your file upload, you'll want to take a look at is_uploaded_file
I'm not very clear what you want exactly. If you are wanted to know what are the things you should keep in mind while validating the file upload then probably the answer goes.
1) You should definitely the check the file type/ mime type of the uploaded file. 2) You should not double extension file like "image.php.jpg" 3) You should check the file size, if its excedding 2MB then you need to increase the MAXIMUM FILE UPLOAD Size in php.ini, default is 2MB.
Thanks, Uttam