Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- PHP bug?!!
March 19, 2008, 11:45 pm
rate this thread
I have following code for uploading a file in PHP:
$target = "/var/www/html/sa/usr_bg_imgs/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$ext = $_FILES['uploaded']['type'];
However, $_FILES['uploaded']['type'] will not work for JPG files since
it returns nothing!
It works fine for other files. For example for gif files I do get:
image/gif as MIME and text/plain for text files but when I try
test.jpg it doesn't recognize the MIME type.
This is an issue since checking the physical file extension is not a
right way in terms of security. What should I do?
Is this a PHP bug?!
Re: PHP bug?!!
Check the file content, that's the only (almost) reliable way. If it's
just for images, use getimagesize(). For other file types it can get
more difficult. The PECL extension Fileinfo might be helpful.
No. Informations like file extension and content type are sent by the
browser, hence completely unreliable. They don't have to be there at
all, so you have to check the file content.