Michdd Posted November 2, 2008 Share Posted November 2, 2008 I noticed that if someone uploads an html file renamed .gif it allows them to upload it, and it works like a website, how can I run a check in php to see if it's really an image. Quote Link to comment Share on other sites More sharing options...
graham23s Posted November 2, 2008 Share Posted November 2, 2008 Hi Mate, you could check: $_FILES['userfile']['type']; this will check the type of file uploaded which can be: images/gif so if the type of file uploaded isn't equal to image/gif or image/jpg etc then its not an image file hope that helps Graham Quote Link to comment Share on other sites More sharing options...
Michdd Posted November 2, 2008 Author Share Posted November 2, 2008 Hi Mate, you could check: $_FILES['userfile']['type']; this will check the type of file uploaded which can be: images/gif so if the type of file uploaded isn't equal to image/gif or image/jpg etc then its not an image file hope that helps Graham So if the uploaded file is a .gif image that will output: images/gif? So I could use: $check = $_FILES['userfile']['type']; if($check =! "images/gif"){ die(); } RighT? Quote Link to comment Share on other sites More sharing options...
graham23s Posted November 2, 2008 Share Posted November 2, 2008 yep thats it so basically you have: image/jpg image/jpeg image/gif image/png that's the main ones you could put them all in an array to! then if none of these are in the array then... die() Graham Quote Link to comment Share on other sites More sharing options...
bobbinsbro Posted November 2, 2008 Share Posted November 2, 2008 ??? but i thought the browsers check the file extension to determine the mime-types which they send to the server... Quote Link to comment Share on other sites More sharing options...
Andy-H Posted November 2, 2008 Share Posted November 2, 2008 $check = $_FILES['userfile']['type']; $name = explode('.', $_FILES['userfile']['name']); $i = count($name) - 1; $ext = $name[$i]; if ($check == "image/" . $ext){ //upload file }else{ //give error } Would that work? //EDIT: Changed split() to explode() after my grilling on resource usages in another topic lol Quote Link to comment Share on other sites More sharing options...
thebadbad Posted November 2, 2008 Share Posted November 2, 2008 ??? but i thought the browsers check the file extension to determine the mime-types which they send to the server... bobbinsbro is right as far as I know. Have a look at my posts at this topic. Quote Link to comment Share on other sites More sharing options...
AndyB Posted November 2, 2008 Share Posted November 2, 2008 I noticed that if someone uploads an html file renamed .gif it allows them to upload it, and it works like a website, how can I run a check in php to see if it's really an image. Use the getimagesize() function - it only works with images http://ca.php.net/manual/en/function.getimagesize.php Quote Link to comment Share on other sites More sharing options...
Michdd Posted November 2, 2008 Author Share Posted November 2, 2008 I noticed that if someone uploads an html file renamed .gif it allows them to upload it, and it works like a website, how can I run a check in php to see if it's really an image. Use the getimagesize() function - it only works with images http://ca.php.net/manual/en/function.getimagesize.php I know of that function, and I use it, how would I prepare something so that if it fails, then die or something similar to that? And, um doesn't that only work if the server is already uploaded somewhere? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.