Page 1 of 1
$_FILES['file']['type'] Question
Posted: Tue Jun 24, 2008 8:12 am
by santomonasterio
The information inside $_FILES['file']['type'] is the one provided by the browser ?
Or PHP/Apache get this info by itself ?
Thanks

Re: $_FILES['file']['type'] Question
Posted: Tue Jun 24, 2008 9:16 am
by Mordred
Re: $_FILES['file']['type'] Question
Posted: Tue Jun 24, 2008 9:05 pm
by LBmtb
Lots of things to do when doing file uploads. First of all and maybe most importantly, use is_uploaded_file() (move_uploaded_file() checks for that automatically, btw). Do you have a whitelist of files types you accept from the user? If so add in validation that checks for those types.
Re: $_FILES['file']['type'] Question
Posted: Wed Jun 25, 2008 1:47 am
by Mordred
http://www.scanit.be/uploads/php-file-upload.pdf for starters
There are some issues with that paper, which I'm too lazy to write about yet, but it covers the basics and (hopefully) eliminates the most stupid mistakes one can make.