[nycphp-talk] uploaded files
Rahmin Pavlovic
rahmin at insite-out.com
Wed Jul 26 12:23:49 EDT 2006
On 7/26/06 11:37 AM, "Daniela Gutierrez" <daniela at ula.ve> wrote:
> Hi everybody!
>
> I would like to know how to verify that the files they had been uploaded
> by some user are j peg, because I only want them to upload images and I
> also want to be sure that they are not uploading some kind of malicious
> files. Is there any function or something like it that I could use??
> Thanks, and sorry for my English ;)
You can check to see:
if (stristr($_FILES['file_field']['name'],'.jpg')=='' &&
stristr($_FILES['file_field']['name'],'.jpeg')=='') {
// not okay
}
else {
// okay
}
That just checks for the existence of the file-extension in the filename
(which you can tighten up), but I'm guessing you can do something similar to
the following if you have a recent version of GD installed:
if(!imagecreatefromjpeg($_FILES['file_field']['tmp_name'])) {
// file doesn't appear to be a valid jpeg
}
More information about the talk
mailing list