Jump to content


PHP file upload script

  • Please log in to reply
1 reply to this topic

#1 JustFoo

  • Members
  • PipPip
  • Member
  • 17 posts

Posted 23 June 2006 - 02:00 PM

Hello all,
I have created a file upload script in php and it works fine however i was wondering is there a way to restrict what files i allow people to upload not based on the extension because right now i only allow .txt and .jpeg files but if i have a .exe file and i just add or change the extension to .txt i can still upload the file. is there a way to do another type of check on the file to figure if its an .exe or .dll or some other type of file besides the extension?

thanks in advance

#2 phpstuck

  • Members
  • PipPipPip
  • Advanced Member
  • 59 posts

Posted 23 June 2006 - 09:40 PM

You can enforce MIME types also...

if (eregi('^image/p?jpeg(;.*)?$', $_FILES['upload']['type']

There are a few issues though, and you still want to simply check extentions also to keep hackers from adding code the the end of a .jpg file with a binary editor and then ending it in .php which the MIME would be an image still...

Also IE uses the standard compliant image/pjpeg while mozilla uses image/jpeg and opera even uses something different.

I'm sure someone can add more to this post, my thoughts are kinda scattered today.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users