I have created a web form with PHP. The webform is in online application form, that then emails our HR department. They want me to include an option on the form to upload a resume. I would like to stem off some trouble by making sure that the file they upload is one of our "acceptable" formats. (Arguments about acceptable can be tabled -- I had to fight them to accept .txt file formats)<br>
<br>I have my check working, but I have two questions about it:<br><br>1) It seems to be a bit of a clug - can I clean it up some?<br>2) What false-positives could occur?<br><br>Here is a snip:<br><br> error_reporting(0);<br>
// initialize a array to hold any errors we encounter<br> $errors = array();<br> // check to see if a first name was entered<br> if (!$_POST['fName'])<br> $errors[] = "First Name is required";<br>
// check to see if a last name was entered<br> if (!$_POST['lName'])<br> $errors[] = "Last Name is required";<br> <br>CUT SOME STUFF OUT HERE......<br><br> // check file types against known extensions<br>
$whitelist = array(".rtf", ".doc", ".txt", ".pdf");<br> // initialize the extension errors counter<br> $ext_err = 0;<br> // check the file extension <br> foreach ($whitelist as $item) {<br>
if (!preg_match("/$item\$/i", $_FILES['userfile']['name']))<br> $ext_err = $ext_err + 1 ;<br> }<br> if ($ext_err == 4)<br> $errors[] = "We only allow certain file formats " .$ext_err;<br>
<br>From the "foreeach" loop down is that part that I would think I could clean up some.. but I just can't seem to figure it out myself.<br><br>Thanks, <br>Kevin<br>