|
|
Posted by BoneIdol on 11/16/07 10:59
On 16 Nov, 08:36, Mad Hatter <co...@class31.co.uk> wrote:
> > The extension is as unreliable as the submitted content type. Don't use
> > it for security purposes.
>
> What's the safest way of checking the file type? The script isn't visible
> to site users but I would rather be safe just in case someone finds it.
To check a file's mime type
http://uk.php.net/manual/en/ref.fileinfo.php
or http://uk.php.net/manual/en/function.mime-content-type.php if you
have PECL installed.
Personally, I just stick to using file extensions. Most supplied MIME
types are application/octet-stream anyway.
A quick and dirty way to get the extension:
$extension = strrev(substr(strrev($_FILES['userfile']['name']), 0,
strpos(strrev($_FILES['userfile']['name']), '.')));
(It reverses a string so that it gets the first from the end then
reverses the result)
Navigation:
[Reply to this message]
|