Hy,
First of all i would not allow upload of any graphical files without
extensions, like it is allowed on a Mac. The reason for this is that
graphical fiels without a certain extension like *.gif *.jpg *.png will
mostly not be recognized by any browser as some graphic.
A suggestion would be only to allow files with extensions, and there only a
limited amount, so everythign else generates an error.
on 19.05.2001 1:30 Uhr, matthew knight at [EMAIL PROTECTED] wrote:
>
> i've created an application where users can upload images through the form
> upload, and to ensure that they are sending me an image, i take a look at
> the type of the file (ie. $uploadedfile_type), which usually returns
> something like
>
> image/x-png
>
> however.. not always.. so secondly, i check for a file extension using
> $uploadedfile_name, but if they've loaded it from a mac.. i can't be sure
> there will be a filename.. so, those things both failing in some cases.. is
> there any other way of checking the filetype of a file?
>
> i'm concerned that some could upload malicious content and run it (although
> the execute flag is turned off, AND the filename is difficult to get.. ) and
> would like to reduce the possiblity..
>
> any suggestions?
>
>
> --
> matthew knight - online developer
> [EMAIL PROTECTED]
>
>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
