My uploader allows the following file formats:

jpg
pdf
gif
png

I tested that if someone was to name a file configure.php.jpg, my uploader allows it to upload

I want to do a check to see if the user has 2 extensions, and if so it will not allow them to upload.

I was thinking of just checking if the file name has two "." (dots) in the name. What function could I use to do this?

Or .. is there a better way?

substr_count

I'm not sure why you want to disallow files with '2 extensions'. configure.php.jpg is a perfectly valid name for a jpg.

If someone upload a file with name like that, he cant do any harm unless he rename the file and for that he needs access to your web server.

I agree, work on the final extension only and that should be enough

if you want to disallow only ".php" inside filename, you can check it with
strpos(strtolower($file_name),'.php')
or
EREGI("\.php",$file_name)
so,
if(!strpos(strtolower($file_name),'.php')){...allo w}

Get the real file extension with this:

$realExtn = substr($filename,-3);

switch($realExtn)
{
case 'jpg':
case 'pdf':
case 'gif':
case 'png':

print "OK";
break;

default:

print "Bad";
}

Quote:

Originally Posted by Jsecure

Get the real file extension with this:

$realExtn = substr($filename,-3);

switch($realExtn)
{
case 'jpg':
case 'pdf':
case 'gif':
case 'png':

print "OK";
break;

default:

print "Bad";
}

This assumes that an extensions is only 3 characters. It also does not account for case (the extension JPG would be considered invalid). Here is a better way:

PHP Code:

function getExtension($str) 
{
    //get all of the characters following the last .
    $ext = substr(strrchr($str, '.'), 1);

    //make it safe to assume the extension is lower case
    return strtolower($ext);
}