Twitter: raymondcamden

Address: Lafayette, LA, USA

ColdFusion 8: Checking to see if a file upload is an image

05-30-2007 10,367 views ColdFusion

Welcome to the very first of my ColdFusion 8 blog postings. (Well, the first since the public release.) My goal for these entries is to look at features, big and small, and show some practical examples. For my first entry, I'm going to talk about something simple - validating that a file uploaded is an image.

As you probably heard, ColdFusion 8 has about 900 or so image functions. Ok, it isn't quite that much, but there are quite a few of them. (By the way, I'm speaking on image features at CFUNITED.) Probably the most common thing you will need to do is simple validation on a file upload. What do I mean by that?

Imagine a preferences form. It asks you things like your name, email address, and other items. It also lets you upload a picture of yourself. How do you validate that the file is an image? After the file is uploaded, it takes all of one call:

view plain print about
1<cfif not isImageFile(newfile)>

The isImageFile function simply checks and see if a filename points to an image file that ColdFusion can work with. Here is a slightly larger example:

view plain print about
1<cfif not len(trim(form.picture))>
2    <cfset errors = errors & "Avast Ye! Include a picture or walk the plank!<br />">

4    <cffile action="upload" destination="#expandPath('./images')#" nameConflict="makeunique" filefield="picture" result="fileupload">
5    <cfif fileupload.fileWasSaved>
6        <cfset newfile = fileupload.serverdirectory & "/" & fileupload.serverfile>
8        <cfif not isImageFile(newfile)>
9            <cfset errors = errors & "Avast Ye! Include a VALID picture or walk the plank!<br />">
10            <!--- clean up --->
11            <cffile action="delete" file="#newfile#">
12        </cfif>        
13    </cfif>

In this code block, I not only check and see if the user selected something to upload, I also handle the upload, check to see if it is an image, and even handle the cleanup if not. Note the special "Pirate" mode for errors. I love that.

A complete example is included below. Tomorrow I'll follow this up with a simple size check. That would be useful to for preventing users from upload 2 meg pictures or overly large wide/high pictures.

view plain print about
1<cfset errors = "">
2<cfparam name="" default="">
3<cfparam name="form.picture" default="">
5<cfif structKeyExists(form, "save")>
6    <cfif not len(trim(>
7        <cfset errors = errors & "Avast Ye! Include a name or walk the plank!<br />">

8    </cfif>
10    <cfif not len(trim(form.picture))>
11        <cfset errors = errors & "Avast Ye! Include a picture or walk the plank!<br />">
12    <cfelse>
13        <cffile action="upload" destination="#expandPath('./images')#" nameConflict="makeunique" filefield="picture" result="fileupload">
14        <cfif fileupload.fileWasSaved>
15            <cfset newfile = fileupload.serverdirectory & "/" & fileupload.serverfile>
17            <cfif not isImageFile(newfile)>
18                <cfset errors = errors & "Avast Ye! Include a VALID picture or walk the plank!<br />">
19                <!--- clean up --->
20                <cffile action="delete" file="#newfile#">
21            </cfif>        
22        </cfif>
23    </cfif>
25    <cfif errors is "">
26        <cfoutput>
27        <p>
28        Here is where we would update the database and send the user away...
29        </p>
30        </cfoutput>
31        <cfabort>
32    </cfif>
36<cfif errors neq "">
37    <cfoutput>
38    <p>
39    <b>Please correct the following error(s):<br />
40    #errors#
41    </b>
42    </p>
43    </cfoutput>
47<form action="imageuploadform.cfm" method="post" enctype="multipart/form-data">
49    <tr>
50        <td>Your Name:</td>
51        <td><input type="text" name="name" value=""></td>
52    </tr>
53    <tr>
54        <td>Your Picture:</td>
55        <td><input type="file" name="picture"></td>
56    </tr>
57    <tr>
58        <td>&nbsp;</td>
59        <td><input type="submit" name="save" value="Save"></td>
60    </tr>