Hy,

First of all i would not allow upload of any graphical files without
extensions, like it is allowed on a Mac. The reason for this is that
graphical fiels without a certain extension like *.gif *.jpg *.png will
mostly not be recognized by any browser as some graphic.

A suggestion would be only to allow files with extensions, and there only a
limited amount, so everythign else generates an error.

on 19.05.2001 1:30 Uhr, matthew knight at [EMAIL PROTECTED] wrote:

> 
> i've created an application where users can upload images through the form
> upload, and to ensure that they are sending me an image, i take a look at
> the type of the file (ie. $uploadedfile_type), which usually returns
> something like
> 
> image/x-png
> 
> however.. not always.. so secondly, i check for a file extension using
> $uploadedfile_name, but if they've loaded it from a mac.. i can't be sure
> there will be a filename.. so, those things both failing in some cases.. is
> there any other way of checking the filetype of a file?
> 
> i'm concerned that some could upload malicious content and run it (although
> the execute flag is turned off, AND the filename is difficult to get.. ) and
> would like to reduce the possiblity..
> 
> any suggestions?
> 
> 
> --
> matthew knight - online developer
> [EMAIL PROTECTED]
> 
> 


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to