Jump to content

Archived

This topic is now archived and is closed to further replies.

r08m

validating mime types

Recommended Posts

I am doing a script that uploads files but I need the users only to be able to upload JPEG images.  I have developed the following code which is unusable since the expression always comes to true:

[code]
$mimetype = $arch_info['type'];
if(is_uploaded_file($arch_info['tmp_name'])){
    if (($mimetype != "image/jpeg") || ($mimetype != "image/pjpeg")){
        header("location:./upsimgs.php?status=tipoimg");
        exit;
}
[/code]

I have checked the type of data that the "type" property returns, which returns a "string" and strip it with the code below to check if it had any special characters to no avail.

[code]
echo $mimetype . "<br>";
for($contador=0;$contador < strlen($mimetype); $contador++){
  $letra=substr($mimetype,$contador,1);
  echo $letra . ord($letra) . "<br>";
}
[/code]


This is not for security purposes just to make the user uploads the correct type since these files will be uploaded to another ODBC database (which I will love to have access to and change many things) that accepts only JPEGS and file size less than 190KB.

I'm pretty sure that what I have is a logic error but I can't see it.  Please I need your help!

Thanks in advanced.

Rob Muro

Share this post


Link to post
Share on other sites
where is $arch_info['type'] being assigned?

try echoing $mimetype to see what it's holding when it's being checked

[code]
$mimetype = $arch_info['type'];
echo $mimetype;
if (...)
[/code]
maybe you aren't passing the value correctly or something.

Share this post


Link to post
Share on other sites
I didn't find the best solution but I figured:

[code]
if(is_uploaded_file($file_info['tmp_name'])){
  if ($file_info['type'] != "image/pjpeg"){
    if($file_info['type'] != "image/jpeg"){
      header("location:./upsimgs.php?status=imgtype");
      exit;
    }
  }
}
[/code]

an it worked!

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.