issue uploading images

Forum Moderators: coopster

Message Too Old, No Replies

issue uploading images

users having issues uploading images

Wolf_man

8:17 pm on Jan 5, 2007 (gmt 0)

On my website I have it so users can upload .jpg images.
I have php test to make sure the file is a .jpg.

The problem is, anyone on a mac recives an error that they are not uploading a jpg.

is there a special mime type i need to enter for people using macs?

what I have:

if(
($_FILES['thefile']['type'] == "image/jpeg") ŚŚ ($_FILES['thefile']['type'] == "image/pjpeg") ŚŚ ($_FILES['thefile']['type'] == "image/jfif")ŚŚ ($_FILES['thefile']['type'] == "image/pjp")ŚŚ ($_FILES['thefile']['type'] == "image/jpe")ŚŚ ($_FILES['thefile']['type'] == "image/jpg"))
{
//upload file
}
else
{
//return error
}

eelixduppy

10:13 pm on Jan 5, 2007 (gmt 0)

Maybe a list of Multimedia MIMEs [w3schools.com] will help you out.

Make sure, though, that whatever you are doing with the uploaded images can be done with the file format, otherwise you may have to restrict some image formats too.

Good luck! :)

hughie

11:58 am on Jan 7, 2007 (gmt 0)

I've run into this a few times with other file types, i believe it's the browser that's passing you the file type, not PHP, so $_FILES['thefile']['type'] is an unreliable and unsecure approach.

I've not really come up with a perfect way round it, a safe approach is to simply check the file extension (so long as jpegs aren't parsed by PHP), then check the image dimensions once uploaded, if it's 0x0 it's probably not a jpeg.

If you don't check for file extension then people could spoof the file type and allow anything to be uploaded to the server.

I know with GIF files you can easily insert php code into the file, rename it as mygif.php and it'll get past PHP's image type no problem. Then you just call mygif.php with your browser and run said inserted code.

EDIT
Take a look here
[uk.php.net...] (comment by ivan DOT cukic )