[wplug] Clean up a PHP script
Kevin Squire
gentgeen at wikiak.org
Thu Jan 31 20:46:22 EST 2008
I have created a web form with PHP. The webform is in online application
form, that then emails our HR department. They want me to include an option
on the form to upload a resume. I would like to stem off some trouble by
making sure that the file they upload is one of our "acceptable" formats.
(Arguments about acceptable can be tabled -- I had to fight them to accept
.txt file formats)
I have my check working, but I have two questions about it:
1) It seems to be a bit of a clug - can I clean it up some?
2) What false-positives could occur?
Here is a snip:
error_reporting(0);
// initialize a array to hold any errors we encounter
$errors = array();
// check to see if a first name was entered
if (!$_POST['fName'])
$errors[] = "First Name is required";
// check to see if a last name was entered
if (!$_POST['lName'])
$errors[] = "Last Name is required";
CUT SOME STUFF OUT HERE......
// check file types against known extensions
$whitelist = array(".rtf", ".doc", ".txt", ".pdf");
// initialize the extension errors counter
$ext_err = 0;
// check the file extension
foreach ($whitelist as $item) {
if (!preg_match("/$item\$/i", $_FILES['userfile']['name']))
$ext_err = $ext_err + 1 ;
}
if ($ext_err == 4)
$errors[] = "We only allow certain file formats " .$ext_err;
>From the "foreeach" loop down is that part that I would think I could clean
up some.. but I just can't seem to figure it out myself.
Thanks,
Kevin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wplug.org/pipermail/wplug/attachments/20080131/bf0b74c3/attachment.html
More information about the wplug
mailing list