Posted: Mon Feb 26, 2007 9:28 am
Never ever ever ever use the "type" element supplied in the $_FILES entry. That information is supplied by the client submitting and is not even remotely checked by PHP.
Verify the file using getimagesize() and/or mime_content_type().
Verify the file using getimagesize() and/or mime_content_type().