Hi Matthew,

I ignore both the mime-type and the extension, and assume mistakes (sooner or
later) by the user.

Running getimagesize() on the file will show what image type it is by actually
looking at the file.  If it isn't one of those types, I delete it.  If it is a
correct type, I force the correct extension on it to prevent errors.

kind regards,

bill

matthew knight wrote:

> i've created an application where users can upload images through the form
> upload, and to ensure that they are sending me an image, i take a look at
> the type of the file (ie. $uploadedfile_type), which usually returns
> something like
>
> image/x-png
>
> however.. not always.. so secondly, i check for a file extension using
> $uploadedfile_name, but if they've loaded it from a mac.. i can't be sure
> there will be a filename.. so, those things both failing in some cases.. is
> there any other way of checking the filetype of a file?
>
> i'm concerned that some could upload malicious content and run it (although
> the execute flag is turned off, AND the filename is difficult to get.. ) and
> would like to reduce the possibility..
>
> any suggestions?
>
> --
> matthew knight - online developer
> [EMAIL PROTECTED]
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
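
The check described in the reply above, as an added example that is not part of the original thread: identify the type from the file's contents with getimagesize(), delete anything that is not an accepted image, and store the rest under a server-chosen name with the extension forced to match. The function name accept_image, the three-type whitelist and the sample files are assumptions made for illustration.

```php
<?php
// Added example: content-based check of an uploaded file (not code from the thread).
const ALLOWED = [IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG]; // assumed whitelist

// Hypothetical helper: returns the stored path, or null if the file was rejected.
function accept_image(string $tmpPath, string $destDir): ?string
{
    // getimagesize() reads the file header; index 2 is an IMAGETYPE_* constant.
    // '@' silences notices raised for truncated or unreadable files.
    $info = @getimagesize($tmpPath);
    if ($info === false || !in_array($info[2], ALLOWED, true)) {
        unlink($tmpPath);            // not an accepted image: delete it
        return null;
    }
    // Ignore the client's filename and MIME type entirely: build a random
    // name and force the extension that matches the detected type.
    $name = bin2hex(random_bytes(16)) . image_type_to_extension($info[2]);
    $dest = rtrim($destDir, '/') . '/' . $name;
    // In a real upload handler, use move_uploaded_file() on the tmp_name
    // from $_FILES instead of rename().
    if (!rename($tmpPath, $dest)) {
        unlink($tmpPath);
        return null;
    }
    chmod($dest, 0644);              // readable, never executable
    return $dest;
}

// Constructed sample inputs (not from the thread).
$dir = sys_get_temp_dir() . '/upload_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$samples = [
    'photo.php' => $gif,                         // real 1x1 GIF, misleading name
    'logo.png'  => "<?php echo 'not an image';", // script with an image extension
];
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam($dir, 'up');
    file_put_contents($tmp, $bytes);
    $stored = accept_image($tmp, $dir);
    printf("%-10s -> %s\n", $clientName, $stored ? basename($stored) : 'rejected, deleted');
}
```

getimagesize() only inspects the header, so a file that passes can still carry extra bytes after the image data; the server-chosen name and forced extension are what keep such a file from being handled as a script.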
