Drongo_III Posted April 22, 2012 Share Posted April 22, 2012 Hi Guys Quick question. I am just starting an application that enables users to upload files - specifically image files. As one of the validation/security steps I want to run a check on file type and file size. As far as i can see you do this one of two ways: 1) using the $_FILES array - i.e. $_FILES[name][type] and $_FILES[name] or 2) using the getimagesize() function. What i want to know is whether one of these methods is preferable for security or do they both suffer the same inherent flaws - because lots of post online seem to suggest filetype can be faked. advice would be appreciated Link to comment https://forums.phpfreaks.com/topic/261421-determining-filetype-for-upload/ Share on other sites More sharing options...
MMDE Posted April 22, 2012 Share Posted April 22, 2012 Googling some will find you some nice answers! For example: http://stackoverflow.com/questions/4166762/php-image-upload-security-check-list Link to comment https://forums.phpfreaks.com/topic/261421-determining-filetype-for-upload/#findComment-1339594 Share on other sites More sharing options...
Drongo_III Posted April 22, 2012 Author Share Posted April 22, 2012 Thank MMDE That's a very useful post. What i am trying to discover is which method is most robust for discovering file type though? Or are they just the same? Googling some will find you some nice answers! For example: http://stackoverflow.com/questions/4166762/php-image-upload-security-check-list Link to comment https://forums.phpfreaks.com/topic/261421-determining-filetype-for-upload/#findComment-1339597 Share on other sites More sharing options...
MMDE Posted April 22, 2012 Share Posted April 22, 2012 Thank MMDE That's a very useful post. What i am trying to discover is which method is most robust for discovering file type though? Or are they just the same? Googling some will find you some nice answers! For example: http://stackoverflow.com/questions/4166762/php-image-upload-security-check-list You should use several different types of checks, not just one, and in a somewhat logical order. Link to comment https://forums.phpfreaks.com/topic/261421-determining-filetype-for-upload/#findComment-1339599 Share on other sites More sharing options...
Drongo_III Posted April 22, 2012 Author Share Posted April 22, 2012 Sorry i might not be explaining myself very well. I intend to do lots of other checks. What I am trying to discover is whether $_FILES[name][type] or getimagesize() is better for discovering the true file type? OR are they exactly the same in what they'll return? Thank MMDE That's a very useful post. What i am trying to discover is which method is most robust for discovering file type though? Or are they just the same? Googling some will find you some nice answers! For example: http://stackoverflow.com/questions/4166762/php-image-upload-security-check-list You should use several different types of checks, not just one, and in a somewhat logical order. Link to comment https://forums.phpfreaks.com/topic/261421-determining-filetype-for-upload/#findComment-1339602 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.