David Otton wrote:

$_FILES['userfile']['type']

   The mime type of the file, if the browser provided this
   information. An example would be "image/gif".



So, check $_FILES['userfile']['type'] against a set of allowed file types, and you're set...



A client-supplied value isn't going to be too useful - it can be spoofed, or may not be present. (I believe a Windows browser would set the mime-type based purely on the file extension, though I haven't tested this myself).


Then my apologies. I thought php determined the file type on upload, and not rely on user input as your're saying.
Makes me rethink some of my own code :)



-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php



Reply via email to