--- In [email protected], <[EMAIL PROTECTED]> wrote: > ------------------------------------ > > Hi Ian, > > This depends on if you trust what the browser sends as a MIME type? > > If the browser sends a MIME type then it will be in - > $_FILES['userfile']['type'] however any hacker can spoof the MIME type. This > may be a problem depending on what sort of emails you are sending? > text/attachment or HTML/attachment? ie - Are the images(or other objects) > going to be in the email or just an attachment? > > If you are only allowing image type uploads then the actual MIME type can be > extracted with the parts of the GD image functions. > > For more information google RFC2387. > > Robert. >
Text only, and i believe they would only be sending excel files, jpeg's and gif's. They'd just be an attachment, i do realize the people receiving these e-mails aren't the best at recognizing bad emails as i've had to reformat there computers several times because of virus overrun. i'll check into the google idea see what that brings up. I'd try not to let any form of script run in the e-mail sent to them.
