Jump to content

Archived

This topic is now archived and is closed to further replies.

JustFoo

PHP file upload script

Recommended Posts

Hello all,
I have created a file upload script in php and it works fine however i was wondering is there a way to restrict what files i allow people to upload not based on the extension because right now i only allow .txt and .jpeg files but if i have a .exe file and i just add or change the extension to .txt i can still upload the file. is there a way to do another type of check on the file to figure if its an .exe or .dll or some other type of file besides the extension?

thanks in advance
JustFoo

Share this post


Link to post
Share on other sites
You can enforce MIME types also...

if (eregi('^image/p?jpeg(;.*)?$', $_FILES['upload']['type']

There are a few issues though, and you still want to simply check extentions also to keep hackers from adding code the the end of a .jpg file with a binary editor and then ending it in .php which the MIME would be an image still...

Also IE uses the standard compliant image/pjpeg while mozilla uses image/jpeg and opera even uses something different.

I'm sure someone can add more to this post, my thoughts are kinda scattered today.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.