On Thu, 18 Apr 2002, Miguel Cruz wrote:

} Not sure what you're tring to achieve, but that only checks the file's
} name. You might want to use file (man 1 file) to verify that it actually
} is a JPEG, since people can put malicious data into a file named xxx.jpg
} and perhaps fool IE into doing bad things.

Another idea:

$the_file_type = $HTTP_POST_FILES['filename']['type'];

$registered_types = array(
    "image/gif"                 => ".gif",
    "image/pjpeg"                => ".jpg, .jpeg",
    "image/jpeg"                => ".jpg, .jpeg",
    "application/msword"            => ".doc",
    "application/vnd.ms-excel"        => ".xls",
    "application/octet-stream"        => ".exe, .fla",
    "application/pdf"                 => ".pdf"

$allowed_images = array("image/gif","image/pjpeg","image/jpeg");

 if (!in_array($the_file_type,$allowed_images))
 // produce your error text here

This looks at the mimetype of the file, using the
$HTTP_POST_FILES['filename']['type'] varible [note that "filename" is the
name passed from your form - "type" is the actual string you need to use
to access the mimetype.

Read http://us.php.net/manual/en/features.file-upload.php for more info on



Vince LaMonica               UC Irvine,  School  of  Social Ecology
 W3 Developer       <*>      116 Social Ecology I, Irvine, CA 92697
 [EMAIL PROTECTED]                     https://www.seweb.uci.edu/~vjl

If Bill Gates had a nickel for every time Windows crashed...
                  ... oh wait, never mind.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to