|
|
Posted by Kenneth Downs on 08/24/05 15:48
Kenneth Downs wrote:
> fingermark@gmail.com wrote:
>
>> I'm writing an upload script and would like to know what is the safest
>> way to validate a file type that is being uploaded to a server?
>>
>> I am accepting just bmp, jpg, png, and gif.
>>
>> Here are is what I have come accross:
>> $_FILES['userfile']['type'] - I heard this is not safe
>> $imginfo = getimagesize($filename); - I heard this is safer
>
> $tmp = $f_new = $_FILES["control_name"]["tmp_name"];
> $type = mime_content_type($dir.$f_tmp);
^^^^^^^^
that's a mistake, s/b: mime_content_type($tmp);
>
> switch ($type) {
> case "image/jpeg":
> echo "OK, it's a picture";
> case "evil windows virus":
> echo "Executables not allowed!"
> }
>
>
--
Kenneth Downs
Secure Data Software, Inc.
(Ken)nneth@(Sec)ure(Dat)a(.com)
[Back to original message]
|