type check while uploading

[anujgarg]

Hi Everyone,

 

How can I check the exact type of a file while uploading on my site?

 

Here is the scenario:

I have allowed only .jpg, .gif, .png files to be uploaded on my site. Suppose an user renames his .exe file with .jpg file. In this case, how can I prevent it to be uploaded on the server?

 

Please suggest...

 

TIA

Anuj

[Deoctor]

can he be able to rename it back in ur server

[anujgarg]

he has renamed the file on his local system before uploading..the server will treat it as .jpg not an .exe...true or false?

[Deoctor]

the server will treat it as a jpg only,but the case turns bad if he can change it on ur server..

if he cannot change it then there is not need for u to worry abt..

 

[vinpkl]

for more security you can add "filesize" limit.

 

vineet

[mrMarcus]

getimagesize will give you the correct mime type of the file for usage upon uploading of the file.

 

<?php
$filename = 'your_image.jpg';
$size = getimagesize($filename);
echo $size['mime']; //will print image/jpeg;
?>

 

create an array with acceptable file types:

 

basic example;

<?php
$filename = $_POST['image'];
$size = getimagesize($filename);

//array holding allowed file (mime) types;
$allowed = array (
'image/jpeg',
'image/gif',
'image/png',
'image/bmp'
);

//and then check against that array;
if (in_array ($size['mime'], $allowed))
{
//file is ok;
}
else
{
//file not ok .. do some error handling;
}
?>

 

NOTE: getimagesize will only work on images.  if the image has its extension renamed to an image extension, this route will detect that the digital signature of the file is that other than an image, but will not return the mime type of that .exe, .bat, .whatever

 

so, it is a useful function.

 

to get more into resolving mime types, you can always look into which offers a fileinfo extension.

[Deoctor]

i dont think the size will resolve anything,coz there are exes which are quite less in size and there are images which are having large sizes.

so size checking will not do any thing..

[mrMarcus]

i dont think the size will resolve anything,coz there are exes which are quite less in size and there are images which are having large sizes.

so size checking will not do any thing..

 

you're right, size has nothing to do with it in this case, which is why i didn't check for the file size, i checked the MIME type which is what is going to tell you if people are trying to be sneaky with renaming file extensions, etc.

 

the code checks the MIME type of the file using getimagesize (just because the word size is in the function name, doesn't mean that its only use), and if the MIME type does not match that of any in the array, the file is not uploaded.

 

be sure to read entire post, and even test the code before making such statements.

[Deoctor]

i dont think the size will resolve anything,coz there are exes which are quite less in size and there are images which are having large sizes.

so size checking will not do any thing..

 

you're right, size has nothing to do with it in this case, which is why i didn't check for the file size, i checked the MIME type which is what is going to tell you if people are trying to be sneaky with renaming file extensions, etc.

 

the code checks the MIME type of the file using getimagesize (just because the word size is in the function name, doesn't mean that its only use), and if the MIME type does not match that of any in the array, the file is not uploaded.

 

be sure to read entire post, and even test the code before making such statements.

 

i cannot understand  is ur problem..

the comment i made was not for you MR.

one more user has given that to check filesize..

so mind ur words....

do read the post fully before replying

[mrMarcus]

touché.