Forum Moderators: coopster

validating file uploads - various techniques

which do you prefer?

mgm_03

4:48 pm on Aug 20, 2005 (gmt 0)

10+ Year Member



From my reading there is some consensus that using $_FILES['userfile']['type'] to validate an uploaded file is a security risk.

Other approaches include using getimagesize(), exif_mimetype(), and checking the last chars in the file extension (e.g. .jpg).

Does anyone have an argument for or against these?

coopster

1:56 am on Aug 21, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



I edit check things as many ways as I can to protect against potential issues. Have you read this discussion?

PHP Peer Code Review [webmasterworld.com]

mgm_03

10:34 pm on Aug 23, 2005 (gmt 0)

10+ Year Member



Thanks for the link. Good read.

My new problem on validating file uploads is Internet Explorer. My file upload script works properly using Firefox (Mac / Win) and Safari. However, it seems that IE is not reporting the MIME type because $_FILES['image']['type'] fails when a comparison is made with 'image/jpg' or 'image/jpeg'.

So, I cannot get .jpg images to upload using IE (6).
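
Added example, not part of any post in this thread: one way to validate an image upload from the file's own bytes with getimagesize(), without consulting `$_FILES[...]['type']`, which is whatever the browser chose to send (Internet Explorer, for example, is known to send `image/pjpeg` for JPEG files). The function names, the size limit and the two sample files are assumptions made for illustration.

```php
<?php
// Added example: decide from the file content, never from $_FILES[...]['type'].
const ALLOWED = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];
const MAX_BYTES = 2 * 1024 * 1024; // assumed limit for this example

/** Returns a server-chosen extension for the file at $path, or null if it is not an allowed image. */
function image_extension_from_content(string $path): ?string
{
    $size = filesize($path);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        return null;
    }
    $info = @getimagesize($path);   // reads the image header; false when it is not an image
    if ($info === false || !isset(ALLOWED[$info[2]])) {
        return null;                // $info[2] is one of the IMAGETYPE_* constants
    }
    return ALLOWED[$info[2]];
}

/** Validates one $_FILES entry and stores it under a server-generated name (hypothetical helper). */
function store_upload(array $file, string $destDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $ext = image_extension_from_content($file['tmp_name']);
    if ($ext === null) {
        return null;
    }
    // Name and extension come from the server, not from $file['name'] or $file['type'].
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}

// Constructed samples: a 1x1 GIF, and plain text of the kind a client could label image/jpeg.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "this is not an image\n");
var_dump(image_extension_from_content($gif)); // the constructed GIF
var_dump(image_extension_from_content($txt)); // the constructed text file
unlink($gif);
unlink($txt);
```

getimagesize() only inspects the image header, so a file that passes can still carry other data after it; storing uploads under a server-generated name and extension, in a directory where scripts are not executed, covers that case.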