Twitter: raymondcamden

Address: Lafayette, LA, USA

ColdFusion 8: Checking to see if a file upload is an image

05-30-2007 10,309 views ColdFusion 11 Comments

Welcome to the very first of my ColdFusion 8 blog postings. (Well, the first since the public release.) My goal for these entries is to look at features, big and small, and show some practical examples. For my first entry, I'm going to talk about something simple - validating that a file uploaded is an image.

As you probably heard, ColdFusion 8 has about 900 or so image functions. Ok, it isn't quite that much, but there are quite a few of them. (By the way, I'm speaking on image features at CFUNITED.) Probably the most common thing you will need to do is simple validation on a file upload. What do I mean by that?

Imagine a preferences form. It asks you things like your name, email address, and other items. It also lets you upload a picture of yourself. How do you validate that the file is an image? After the file is uploaded, it takes all of one call:

view plain print about
1<cfif not isImageFile(newfile)>

The isImageFile function simply checks and see if a filename points to an image file that ColdFusion can work with. Here is a slightly larger example:

view plain print about
1<cfif not len(trim(form.picture))>
2    <cfset errors = errors & "Avast Ye! Include a picture or walk the plank!<br />">

4    <cffile action="upload" destination="#expandPath('./images')#" nameConflict="makeunique" filefield="picture" result="fileupload">
5    <cfif fileupload.fileWasSaved>
6        <cfset newfile = fileupload.serverdirectory & "/" & fileupload.serverfile>
8        <cfif not isImageFile(newfile)>
9            <cfset errors = errors & "Avast Ye! Include a VALID picture or walk the plank!<br />">
10            <!--- clean up --->
11            <cffile action="delete" file="#newfile#">
12        </cfif>        
13    </cfif>

In this code block, I not only check and see if the user selected something to upload, I also handle the upload, check to see if it is an image, and even handle the cleanup if not. Note the special "Pirate" mode for errors. I love that.

A complete example is included below. Tomorrow I'll follow this up with a simple size check. That would be useful to for preventing users from upload 2 meg pictures or overly large wide/high pictures.

view plain print about
1<cfset errors = "">
2<cfparam name="" default="">
3<cfparam name="form.picture" default="">
5<cfif structKeyExists(form, "save")>
6    <cfif not len(trim(>
7        <cfset errors = errors & "Avast Ye! Include a name or walk the plank!<br />">

8    </cfif>
10    <cfif not len(trim(form.picture))>
11        <cfset errors = errors & "Avast Ye! Include a picture or walk the plank!<br />">
12    <cfelse>
13        <cffile action="upload" destination="#expandPath('./images')#" nameConflict="makeunique" filefield="picture" result="fileupload">
14        <cfif fileupload.fileWasSaved>
15            <cfset newfile = fileupload.serverdirectory & "/" & fileupload.serverfile>
17            <cfif not isImageFile(newfile)>
18                <cfset errors = errors & "Avast Ye! Include a VALID picture or walk the plank!<br />">
19                <!--- clean up --->
20                <cffile action="delete" file="#newfile#">
21            </cfif>        
22        </cfif>
23    </cfif>
25    <cfif errors is "">
26        <cfoutput>
27        <p>
28        Here is where we would update the database and send the user away...
29        </p>
30        </cfoutput>
31        <cfabort>
32    </cfif>
36<cfif errors neq "">
37    <cfoutput>
38    <p>
39    <b>Please correct the following error(s):<br />
40    #errors#
41    </b>
42    </p>
43    </cfoutput>
47<form action="imageuploadform.cfm" method="post" enctype="multipart/form-data">
49    <tr>
50        <td>Your Name:</td>
51        <td><input type="text" name="name" value=""></td>
52    </tr>
53    <tr>
54        <td>Your Picture:</td>
55        <td><input type="file" name="picture"></td>
56    </tr>
57    <tr>
58        <td>&nbsp;</td>
59        <td><input type="submit" name="save" value="Save"></td>
60    </tr>


  • Commented on 05-30-2007 at 7:05 AM

    Too bad Godaddy won't upgrade to 8 until 2012.

    I may be switching to hostmysite quicker than I planned just for this feature!
  • Commented on 05-30-2007 at 9:17 AM
    I have a couple of dozen sites at CrystalTech, which has been reasonably good about quick-but-not-too-quick adaptation of CF upgrades and I hope to see CF8 on the shareds there not too long after it is released...
  • Commented on 05-30-2007 at 10:29 AM
    Ray, you state:
    "if a filename points to an image file that ColdFusion can work with"

    What are the image file types that CF can work with, and can you pass a list/array/whatever of image types your files can work with. For example, CF may consider WMF files as images, but my web app can't use them. So not only determine if it is an image, but if it is within a user settable range of image types?
  • Commented on 05-30-2007 at 11:09 AM
    The file types that CF can wrk on is partially dependent on your system. Luckily - CF provides a function to tell you what they are: getReadableImageFormats().

    Hmmm. Interesting. The imageInfo function does NOT seem to return it. You can check extensions, but that may lie.

    Let me get back to you, and feel free to bug me if i forget.
  • Commented on 05-30-2007 at 11:20 AM
    The file extension not matching the file type is where I was one direction I was trying to go with my question. I know that I can set mime types in the CFFILE tag when uploading, but it is my understanding that that info comes from the user agent sending the file, so could be incorrect, much like the file extension being incorrect.

    Would be good if there were a way to not only check that a file is an image (which I assume that it just doesn't check the file extension) as well as check for a specific image file type.

    Thanks for looking into it Ray.
  • Lola LB #
    Commented on 05-30-2007 at 2:07 PM
    Godaddy's not going to upgrade till 2012? boggle Thanks for the heads-up . . . that's one hosting service off my list.
  • Rick #
    Commented on 07-30-2008 at 5:28 AM
    Hi Ray, is there a big performance difference between FileExists and IsImageFile? If so, what are they?

    Thank you.
  • Commented on 07-30-2008 at 6:48 AM
    @Rick: Well, really, that's not a fair question. One function determines if a file exists. That's all it does. isImageFile checks the binary bits of a file to see if it is an image. So fileExists should naturally be quicker, but it isn't doing as much.
  • Commented on 12-18-2008 at 1:50 PM
    @Ray: Did you ever find out if there is a way to determine the image file format beyond checking the file extension?
  • Commented on 12-18-2008 at 4:24 PM
    Nope. I'm sure there is a way.
  • Commented on 08-07-2011 at 3:27 PM
    All I have to say is Thank you.

    If only the web was full of helpful people like you. This post has really! helped me.

Post Reply

Please refrain from posting large blocks of code as a comment. Use Pastebin or Gists instead. Text wrapped in asterisks (*) will be bold and text wrapped in underscores (_) will be italicized.

Leave this field empty