Don't trust file extensions. Use getimagesize() to examine the file.

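$imginfo = getimagesize($uploadfile); // false when the file is not a readable image
$type = $imginfo ? $imginfo[2] : 0;   // index 2 holds the image type code
switch ($type) {
  case 1: // gif
    break;
  case 2: // jpg
    break;
  case 3: // png
    break;
  case 4: // swf
    break;
  default: // not an image
    break;
}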


> -----Original Message-----
> From: Jens Nedal [mailto:[EMAIL PROTECTED]]
> Sent: Monday, May 21, 2001 3:26 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP-DB] image upload -> mime types??
> 
> 
> Hy,
> 
> First of all I would not allow upload of any graphical files without
> extensions, like it is allowed on a Mac. The reason for this is that
> graphical files without a certain extension like *.gif *.jpg *.png will
> mostly not be recognized by any browser as some graphic.
> 
> A suggestion would be only to allow files with extensions, and there only a
> limited amount, so everything else generates an error.
> 
> on 19.05.2001 1:30 Uhr, matthew knight at [EMAIL PROTECTED] wrote:
> 
> > 
> > i've created an application where users can upload images through the form
> > upload, and to ensure that they are sending me an image, i take a look at
> > the type of the file (ie. $uploadedfile_type), which usually returns
> > something like
> > 
> > image/x-png
> > 
> > however.. not always.. so secondly, i check for a file extension using
> > $uploadedfile_name, but if they've loaded it from a mac.. i can't be sure
> > there will be a filename.. so, those things both failing in some cases.. is
> > there any other way of checking the filetype of a file?
> > 
> > i'm concerned that some could upload malicious content and run it (although
> > the execute flag is turned off, AND the filename is difficult to get.. ) and
> > would like to reduce the possibility..
> > 
> > any suggestions?
> > 
> > 
> > --
> > matthew knight - online developer
> > [EMAIL PROTECTED]
> > 
> > 
> 
> 

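Added example, not part of the original thread: the getimagesize() check from the reply carried through to an accept/reject decision, with an allow-list of types and a file name chosen by the server so that an extensionless Mac upload and a misnamed file are both handled. ALLOWED, stored_name_for() and the sample files are made up for this illustration.

```php
<?php
// Added example: decide by file content, then let the server pick the name.
// ALLOWED and stored_name_for() are hypothetical names for this sketch.
const ALLOWED = [IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png'];

/**
 * Return a server-generated file name for an accepted image, or null to reject.
 * The client-supplied name and MIME type are never consulted.
 */
function stored_name_for(string $path): ?string
{
    // getimagesize() reads the file header and returns false for non-images.
    $info = @getimagesize($path);
    if ($info === false || !isset(ALLOWED[$info[2]])) {
        return null;                       // SWF, BMP, scripts, plain text, ...
    }
    if ($info[0] < 1 || $info[1] < 1) {
        return null;                       // no usable width/height
    }
    // Random name plus an extension derived from the detected type, so the
    // stored file never carries an extension the client chose.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED[$info[2]];
}

// Constructed sample inputs: a minimal 1x1 GIF saved without an extension
// (the Mac case from the thread) and a text file that merely ends in .gif.
$dir  = sys_get_temp_dir();
$gif  = "$dir/sample_upload";
$fake = "$dir/sample_upload.gif";
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x80\x00\x00\xff\xff\xff\x00\x00\x00"
    . "\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3b");
file_put_contents($fake, "this is plain text, not image data\n");

foreach ([$gif, $fake] as $p) {
    $name = stored_name_for($p);
    echo basename($p), ' => ', $name ?? 'REJECTED', PHP_EOL;
}
unlink($gif);
unlink($fake);

// In a real handler $path is $_FILES['field']['tmp_name']: confirm it with
// is_uploaded_file() and store it with move_uploaded_file() under $name.
```

getimagesize() only inspects the header, so uploads should still live in a directory where nothing is executed, as the original poster already arranges.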