Validating a filetype during file upload
Posted: Mon Mar 15, 2004 5:08 am
Hi
I have setup file upload systems on many of our sites. I am having problems validating the file type that has been uploaded. Obviously I would like to prevent .php and .exe files being uploaded. How can i prevent this successfully? i have tried to use the $_FILES['userfile']['type'] variable but when a php file is uploaded it displays in this variable as "text/html" which is the same as for a html document which i dont want to deny users the ability to upload. i also thought of taking the filename and taking the ending of it eg xxxx.php - if last 4 letters = .php then error or if last 4 letters = .exe then error. but this cant be the best way.
any ideas would be greatly appreciated.
cheers
I have setup file upload systems on many of our sites. I am having problems validating the file type that has been uploaded. Obviously I would like to prevent .php and .exe files being uploaded. How can i prevent this successfully? i have tried to use the $_FILES['userfile']['type'] variable but when a php file is uploaded it displays in this variable as "text/html" which is the same as for a html document which i dont want to deny users the ability to upload. i also thought of taking the filename and taking the ending of it eg xxxx.php - if last 4 letters = .php then error or if last 4 letters = .exe then error. but this cant be the best way.
any ideas would be greatly appreciated.
cheers