On 4/22/07, Myron Turner <turnermm02@xxxxxxx> wrote:
Jonathan wrote:
> Alain Roger wrote:
>> Hi,
>>
>> In my web application, end user is able to load images (png, jpeg,
>> gif,..)
>> into database.
>> I would like to know how can i detect automatically the type of image
>> (pnd,
>> jpeg,...) ?
>> i do not want to check the extension because this is easily faked...
>> just by
>> renaming it.
>>
>> Does it exist a technique for that ?
>>
>> thanks a lot,
>>
>
> Is there anything wrong with just using $_FILES['upload_name']['type']?
>
$_FILES['upload_name']['type'] appears to believe the extension. Try
it--upload a file with a misleading extension.
This same question was asked yesterday and the advice was to use
string *mime_content_type* ( string filename)
That doesn't seem to get fooled very easily, though I suppose you could
fool it if you went to the effort of, say, setting up a fake image
header, when what you are sending is a time bomb.
M.
Yeah right, a time bomb with an image header :P
It should have an ELF header :) But then it would be detected by the
mime_content_type i guess.
Tijnema
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
