On 4/22/07, Myron Turner <[EMAIL PROTECTED]> wrote:
Jonathan wrote: > Alain Roger wrote: >> Hi, >> >> In my web application, end user is able to load images (png, jpeg, >> gif,..) >> into database. >> I would like to know how can i detect automatically the type of image >> (pnd, >> jpeg,...) ? >> i do not want to check the extension because this is easily faked... >> just by >> renaming it. >> >> Does it exist a technique for that ? >> >> thanks a lot, >> > > Is there anything wrong with just using $_FILES['upload_name']['type']? >$_FILES['upload_name']['type'] appears to believe the extension. Try it--upload a file with a misleading extension. This same question was asked yesterday and the advice was to use string *mime_content_type* ( string filename) That doesn't seem to get fooled very easily, though I suppose you could fool it if you went to the effort of, say, setting up a fake image header, when what you are sending is a time bomb. M.
Yeah right, a time bomb with an image header :P It should have an ELF header :) But then it would be detected by the mime_content_type i guess. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
