PDA

View Full Version : Validating File Uploads



Strangeplant
10-05-2006, 12:36 PM
I need a way to validate uploaded files, meaning that they actually got there OK as a working copy. I came across a function, sha1() and the man page is at http://us2.php.net/sha1_file. And there is MD5() found at http://us2.php.net/manual/en/function.md5-file.php. And also crc32() at http://us2.php.net/manual/en/function.crc32.php. So, which one is the right way to go, and how should it be implemented into an upload function? I'm hoping that someone has experience in this area......

Twey
10-05-2006, 05:57 PM
Any of them will do fine. MD5 is the most common algorithm, with SHA1 following. CRC32 is rarely used, but can be provided as an alternative.

The trickiest bit will be obtaining the checksum from the client. Since by the time it's reached the server it could be corrupted, this must be done client-side. That will require Java, or for the user to enter the checksum manually (or even better, Java with a manual fallback).

djr33
10-06-2006, 01:24 AM
Yeah, as Twey says, there's really no point to this unless you have a value to compare it against. How do you plan to do that?

I'd say use md5, just 'cause it's the most common, and people might even have the md5 version of the file from downloading it, or something else. Security shouldn't be an issue, so I'd just choose based on popularity.