Hey guys, I am trying to allow only .doc, .docs and .pdf files to be uploaded to my database. Currently the PHP script allows upload of any file type. I would like to restrict it to only allow uploading of genuine PDF DOC and DOCX files. I have found a possible solution but I am not sure where to put it because I am very new to this. If you could help fix this I would be grateful! (I have 2 files here) Also, when I try to run the files the browser only reads the title?
index.php
[code]
<!DOCTYPE html>
<html>
<head>
<meta charset=”utf-8″/>
<title>Upload PDF & Word files to Database</title>
</head>
<body>
<?php
$dbh = new PDO(“mysql:host=localhost;dbname=mydata”,”root”,””);
if(isset($_POST[‘btn’])){
$name = $_FILES[‘myfile’][‘name’];
$mime = $_FILES[‘myfile’][‘type’];
$data = file_get_contents($_FILES[‘myfile’][‘tmp_name’]);
$stmt = $dbh->prepare(“insert into myblob values(”,?,?,?)”);
$stmt->bindParam(1,$name);
$stmt->bindParam(2,$mime);
$stmt->bindParam(3,$data, PDO::PARAM_LOB);
$stmt->execute();
}
?>
<form method=”post” enctype=”multipart/form-data”>
<input type=”file” name=”myfile”/>
<button name=”btn”>Upload</button>
</form>
<p></p>
<ol>
<?php
$stat = $dbh->prepare(“select * from myblob”);
$stat->execute();
while($row = $stat->fetch()){
echo “<li><a href=’view.php?id=”.$row[‘id’].”‘ target=’_blank’>”.$row[‘name’].”</a></li>”;
}
?>
</ol>
</body>
</html>
view.php
[code]
<?php
$dbh = new PDO(“mysql:host=localhost;dbname=mydata”,”root”,””);
$id = isset($_GET[‘id’])? $_GET[‘id’] : “”;
$stat = $dbh->prepare(“select * from myblob where id=?”);
$stat->bindParam(1,$id);
$stat->execute();
$row = $stat->fetch();
header(“Content-Type:”.$row[‘mime’]);
echo $row[‘data’];
echo ‘<img src=”data:image/jpeg;base64,’.base64_encode($row[‘data’]).'”/>’;
possible solution
[code]
$sys = mime_content_type($_FILES[“fileToUpload”][“tmp_name”]);
if($sys == ‘application/x-zip’ || $sys == ‘application/msword’){
echo ‘ allowed’;
}else{
echo ‘not allowed’;
}