PHPReader: file format validation?

Topics: Developer Forum, User Forum
Feb 3, 2010 at 2:04 PM

On my website there's upload-form for excel-files. First I like to check the file if it really an excel-file(Exel5 or 2007, not CSV). It is not enought just to check the extension like xls or xlsx. Maybe there are some user just have fun to rename images to xls.

First attemp was:
$PHPExcel = PHPExcel_IOFactory::load($filename);
But this even load all. It is possible to load images and they have one sheet.

Second attemp was:
$PHPReader = PHPExcel_IOFactory::createReaderForFile($filename);
assName = get_class($PHPReader);
if (($className != 'PHPExcel_Reader_Excel5') && ($className != 'PHPExcel_Reader_Excel2007') ) {
    return false;
But in this case it is event possible to load DOC files.

So what is your favorite code for check your excel-files (format)??

Greetings from Berlin


Feb 3, 2010 at 2:47 PM
Edited Feb 3, 2010 at 2:48 PM

you should be able to do this server side, prior to loading.

$tmp = explode('.', $filename);

    case 'xlsx':
         // do something else
        $type = 'Excel 2007';
    case 'xls':
        $type = 'Excel5';

Feb 3, 2010 at 3:50 PM

thank you boogyman for your note, but this is not secure enough.

Like I write in my text: just to check the extension is not enought. I missing a validation of the format of the data from the file.

Feb 4, 2010 at 11:05 PM

Work item created: