Jump to content


Photo

PHP file upload script


  • Please log in to reply
1 reply to this topic

#1 JustFoo

JustFoo
  • Members
  • PipPip
  • Member
  • 17 posts

Posted 23 June 2006 - 02:00 PM

Hello all,
I have created a file upload script in php and it works fine however i was wondering is there a way to restrict what files i allow people to upload not based on the extension because right now i only allow .txt and .jpeg files but if i have a .exe file and i just add or change the extension to .txt i can still upload the file. is there a way to do another type of check on the file to figure if its an .exe or .dll or some other type of file besides the extension?

thanks in advance
JustFoo

#2 phpstuck

phpstuck
  • Members
  • PipPipPip
  • Advanced Member
  • 59 posts

Posted 23 June 2006 - 09:40 PM

You can enforce MIME types also...

if (eregi('^image/p?jpeg(;.*)?$', $_FILES['upload']['type']

There are a few issues though, and you still want to simply check extentions also to keep hackers from adding code the the end of a .jpg file with a binary editor and then ending it in .php which the MIME would be an image still...

Also IE uses the standard compliant image/pjpeg while mozilla uses image/jpeg and opera even uses something different.

I'm sure someone can add more to this post, my thoughts are kinda scattered today.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users