Jump to content

Trying to use finfo() to get MIME type

limitbreaker

By limitbreaker
in PHP Coding Help

 Share

Recommended Posts

limitbreaker Newbie

limitbreaker

Posted
Posted

Hi,

Basically I'm trying to see if a file is a photo, video, or sound by detecting mime type through the finfo functions:

$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime = finfo_file($finfo, $file['tmp_name']);

Thing is, my following if statements aren't detecting the mime types properly (meaning EVERYTHING is considered a photo):

if ( $mime == ("image/jpeg" || "image/pjpeg" || "image/gif" || "image/png" || "image/x-png") ) 

elseif ( $mime == ("video/mp4" || "video/x-ms-wmv") ) 

elseif ( $mime == ("audio/mpeg" || "audio/x-wav" || "audio/x-ms-wma") ) 

else { header("Location:home.php"); }

I'm guessing finfo is giving me problems, but I don't really know another way to distinguish these files. Is there possibly a different way I can get a little higher level of security (I know MIME types can be faked)?

 

*The statements do have properly functioning code in brakets {}, I just removed it for the sake of simplicity

 

--Thanks in advance

Link to comment
Share on other sites
limitbreaker Newbie

limitbreaker

Posted
  • Author
Posted

The || operator does not work like that. You have to use full conditions for each test:

if ($mime == 'image/jpeg' || $mime == 'image/pjpeg' || $mime == 'image/gif' ...)
An alternative is to use in_array with an array of possible mime types.

 

Alright, this distinguishes images from other media, but the only other filetype that makes it through this filter successfully is wav. Anything else just gives the upload successful message but nothing happens at all. This is the code in each if statement (only slight variations for each):

mysql_query("INSERT INTO updates (id,name,numb,music,folder) VALUES('$id', '$name', '$num', '${file['name']}', '$folder')");
move_uploaded_file($file["tmp_name"], "users/$id/$folder/${file["name"]}");

would something like $_FILES['file']['type'] work instead of this finfo()?

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.