Even if you can embed PHP in a GIF it would still need to be executed by
PHP as PHP code, would PHP actually execute that file when it looks like
an image, I would think PHP would output an error?
More importantly though, you should be checking the file extension of
uploaded files to make sure it is only a .gif
James
jonathan wrote:
what is the best way to prevent malicious code from being uploaded via a
.gif file? A friend showed me how php could be embedded within the .gif
file. Does this problem also exist for .jpeg's?
thanks,
jon
--
---------------------------------------------------------
http://www.ciwcertified.com - Master CIW Designer
http://www.zend.com - Zend Certified Engineer
http://www.jamesbenson.co.uk
---------------------------------------------------------
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
