JustFoo Posted June 23, 2006 Share Posted June 23, 2006 Hello all,I have created a file upload script in php and it works fine however i was wondering is there a way to restrict what files i allow people to upload not based on the extension because right now i only allow .txt and .jpeg files but if i have a .exe file and i just add or change the extension to .txt i can still upload the file. is there a way to do another type of check on the file to figure if its an .exe or .dll or some other type of file besides the extension?thanks in advanceJustFoo Quote Link to comment https://forums.phpfreaks.com/topic/12730-php-file-upload-script/ Share on other sites More sharing options...
phpstuck Posted June 23, 2006 Share Posted June 23, 2006 You can enforce MIME types also...if (eregi('^image/p?jpeg(;.*)?$', $_FILES['upload']['type']There are a few issues though, and you still want to simply check extentions also to keep hackers from adding code the the end of a .jpg file with a binary editor and then ending it in .php which the MIME would be an image still...Also IE uses the standard compliant image/pjpeg while mozilla uses image/jpeg and opera even uses something different.I'm sure someone can add more to this post, my thoughts are kinda scattered today. Quote Link to comment https://forums.phpfreaks.com/topic/12730-php-file-upload-script/#findComment-48923 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.