On Thu, 18 Apr 2002, Miguel Cruz wrote:

} Not sure what you're trying to achieve, but that only checks the file's
} name. You might want to use file (man 1 file) to verify that it actually
} is a JPEG, since people can put malicious data into a file named xxx.jpg
} and perhaps fool IE into doing bad things.

Another idea:

$the_file_type = $HTTP_POST_FILES['filename']['type'];

$registered_types = array(
    "image/gif"                => ".gif",
    "image/pjpeg"              => ".jpg, .jpeg",
    "image/jpeg"               => ".jpg, .jpeg",
    "application/msword"       => ".doc",
    "application/vnd.ms-excel" => ".xls",
    "application/octet-stream" => ".exe, .fla",
    "application/pdf"          => ".pdf"
);

$allowed_images = array("image/gif", "image/pjpeg", "image/jpeg");

if (!in_array($the_file_type, $allowed_images))
{
    // produce your error text here
}

This looks at the mimetype of the file, using the
$HTTP_POST_FILES['filename']['type'] variable [note that "filename" is the
name passed from your form - "type" is the actual string you need to use
to access the mimetype].

Read http://us.php.net/manual/en/features.file-upload.php for more info on
this.

HTH,

/vjl/

-- 
Vince LaMonica               UC Irvine,  School  of  Social Ecology
 W3 Developer       <*>      116 Social Ecology I, Irvine, CA 92697
 [EMAIL PROTECTED]                     https://www.seweb.uci.edu/~vjl

If Bill Gates had a nickel for every time Windows crashed...
                  ... oh wait, never mind.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
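
An added example, not part of the original message: the 'type' field is supplied by the browser and PHP does not verify it, so this sketch combines the two suggestions in the thread by detecting the type from the file's bytes with PHP's fileinfo extension (libmagic, the same database file(1) uses) and comparing that against an allowlist. The function name, the allowlist constant and the sample inputs are constructed for illustration.

```php
<?php
// Added example; names and sample data are constructed, not from the thread.

// Allowlist keyed by the MIME type detected on the server. The value is the
// extension the server chooses; the client-supplied file name is not used.
const ALLOWED_IMAGES = [
    'image/gif'  => 'gif',
    'image/jpeg' => 'jpg',
];

/**
 * Return the extension to store the upload under, or null to reject it.
 * Only the content is examined; the browser's claimed type is ignored.
 */
function check_image_bytes(string $bytes): ?string
{
    $finfo    = new finfo(FILEINFO_MIME_TYPE);
    $detected = $finfo->buffer($bytes);

    if ($detected === false || !isset(ALLOWED_IMAGES[$detected])) {
        return null;
    }
    return ALLOWED_IMAGES[$detected];
}

// In a real handler the bytes come from the temporary upload file, e.g.
//   $tmp = $_FILES['filename']['tmp_name'];
//   if (is_uploaded_file($tmp)) { $ext = check_image_bytes(file_get_contents($tmp)); }

// Constructed samples: [file bytes, type the browser claimed].
$samples = [
    'real.gif' => ["GIF89a\x01\x00\x01\x00\x00\x00\x00;", 'image/gif'],
    'fake.jpg' => ['<html><body>not an image</body></html>', 'image/jpeg'],
];

foreach ($samples as $name => [$bytes, $claimed]) {
    $ext = check_image_bytes($bytes);
    printf("%-8s claimed=%-10s => %s\n", $name, $claimed, $ext ?? 'REJECTED');
}
```

A check on the claimed type alone would accept fake.jpg, because its 'type' string is on the allowlist; the content check rejects it.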
