|
|
Posted by Kenneth Downs on 08/24/05 06:56
fingermark@gmail.com wrote:
> I'm writing an upload script and would like to know what is the safest
> way to validate a file type that is being uploaded to a server?
>
> I am accepting just bmp, jpg, png, and gif.
>
> Here are is what I have come accross:
> $_FILES['userfile']['type'] - I heard this is not safe
> $imginfo = getimagesize($filename); - I heard this is safer
$tmp = $f_new = $_FILES["control_name"]["tmp_name"];
$type = mime_content_type($dir.$f_tmp);
switch ($type) {
case "image/jpeg":
echo "OK, it's a picture";
case "evil windows virus":
echo "Executables not allowed!"
}
--
Kenneth Downs
Secure Data Software, Inc.
(Ken)nneth@(Sec)ure(Dat)a(.com)
Navigation:
[Reply to this message]
|