Reply to Re: Uploads and mime type — PHP Programming Language

Posted by BoneIdol on 11/16/07 10:59

On 16 Nov, 08:36, Mad Hatter <co...@class31.co.uk> wrote:
> > The extension is as unreliable as the submitted content type. Don't use
> > it for security purposes.
>
> What's the safest way of checking the file type? The script isn't visible
> to site users but I would rather be safe just in case someone finds it.

To check a file's mime type

http://uk.php.net/manual/en/ref.fileinfo.php

or http://uk.php.net/manual/en/function.mime-content-type.php if you
have PECL installed.

Personally, I just stick to using file extensions. Most supplied MIME
types are application/octet-stream anyway.

A quick and dirty way to get the extension:

$extension = strrev(substr(strrev($_FILES['userfile']['name']), 0,
strpos(strrev($_FILES['userfile']['name']), '.')));

(It reverses a string so that it gets the first from the end then
reverses the result)

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация