I have an upload text file field, and with it I plan to save the file somewhere and then store the location of the file in a database. However, I want to make sure the file they uploaded is a .txt file, and not, say, an image file. I imagine this happens in the validation step. How does one validate such a thing? Also, how do you get the filename of the uploaded file? I could always just check if it said ‘.txt’ but for future reference knowing how to validate without just the filename would be helpful.
Trying to validate the contents of a file based on the filename extension is opening the door for major hackerdom. It’s trivial to change the extension and upload the file.
If you are on a Mac/Linux/Unix-based system, the OS “file” command is the standard because it looks inside the file for key bytes that flag file types: http://en.wikipedia.org/wiki/File_(Unix). I’m not sure what’s available for Windows, but this might help: Determine file type in Ruby
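A content-based check in the spirit of the answer above, written in Ruby as an added example (it is not code from the original question or answer). The names `plain_text_upload`, `BINARY_SIGNATURES` and `MAX_TEXT_BYTES`, the 1 MiB limit, and the short signature list are assumptions made for illustration; the `file` command uses a far larger signature database.

```ruby
# Added example: judge an upload by its bytes, never by the client-supplied
# filename. The signature list is a small constructed sample.
BINARY_SIGNATURES = {
  "PNG"  => "\x89PNG\r\n\x1A\n".b,
  "JPEG" => "\xFF\xD8\xFF".b,
  "GIF"  => "GIF8".b,
  "PDF"  => "%PDF-".b,
  "ZIP"  => "PK\x03\x04".b,
  "ELF"  => "\x7FELF".b
}.freeze

MAX_TEXT_BYTES = 1_048_576 # assumed upload limit for this example

# Returns [true, nil] when the bytes look like UTF-8 plain text,
# otherwise [false, reason].
def plain_text_upload(bytes)
  data = bytes.dup.force_encoding(Encoding::BINARY)
  return [false, "empty file"] if data.empty?
  return [false, "too large"] if data.bytesize > MAX_TEXT_BYTES

  # Leading "key bytes" of common binary formats.
  BINARY_SIGNATURES.each do |name, magic|
    return [false, "#{name} signature"] if data.start_with?(magic)
  end

  # NUL bytes do not occur in UTF-8 text (this also rejects UTF-16 uploads).
  return [false, "NUL byte"] if data.include?("\x00".b)

  text = data.dup.force_encoding(Encoding::UTF_8)
  return [false, "invalid UTF-8"] unless text.valid_encoding?

  # Allow tab, LF and CR; reject the other C0 control characters.
  return [false, "control characters"] if text.match?(/[\x01-\x08\x0B\x0C\x0E-\x1F]/)

  [true, nil]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed samples: a PNG header sent as "notes.txt", then real text.
  p plain_text_upload("\x89PNG\r\n\x1A\n\x00\x00".b)
  p plain_text_upload("plain notes\n")
end
```

Run the check on the server against the saved bytes, and store the file under a server-generated name rather than the one the client sent.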