[nycphp-talk] uploaded files
Daniela Gutierrez
daniela at ula.ve
Fri Jul 28 11:21:52 EDT 2006
Thanks Chris, I've already tried getimagesize() and it works great, but
I also might allow the users to upload an image as pdf or some others
formats like tif or may be bmp I don't know yet, but I think that I
could validate those types of files with a system call to `file -i`, I
would give me the type of file also, I'm not sure if it's safe but I'm
gonna try and see what happens, thanks for your answer, I appreciate it
so much!
Daniela
csnyder wrote:
>On 7/26/06, Daniela Gutierrez <daniela at ula.ve> wrote:
>
>
>>Hi everybody!
>>
>>I would like to know how to verify that the files they had been uploaded
>>by some user are j peg, because I only want them to upload images and I
>>also want to be sure that they are not uploading some kind of malicious
>>files. Is there any function or something like it that I could use??
>>Thanks, and sorry for my English ;)
>>
>>
>
>To reiterate Tedd Sperling's advice, the best way to check whether an
>uploaded file is a jpeg is to use getimagesize() and check that index
>2 of the returned array is equal to 2. (http://php.net/getimagesize
>for details)
>
>Checking the file extension will miss jpegs uploaded from a Macintosh
>(which might not have an extension).
>
>
>
More information about the talk
mailing list