I was reading through the documentation at php.net link and came along the following

Question

0

Editorial Team

Asked: June 13, 20262026-06-13T10:20:30+00:00 2026-06-13T10:20:30+00:00

I was reading through the documentation at php.net link and came along the following

0

I was reading through the documentation at php.net link and came along the following line:

$_FILES[‘userfile’][‘type’]

The mime type of the file, if the browser provided this information. An example 
would be "image/gif". This mime type is however NOT checked on the PHP side 
and therefore don't take its value for granted.

So how would one go about verifying that the file is of a proper mime type to prevent users from uploading potentially harmful files to the server; or otherwise causing bugs in code executed server side(since I might attempt to use a jpeg-only function on a file that isn’t really a jpeg image)?

thanks in advance

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-13T10:20:31+00:00

Editorial Team

2026-06-13T10:20:31+00:00Added an answer on June 13, 2026 at 10:20 am

You can use finfo_file to find out what type PHP thinks the file is. However, I don’t think this can be relied on, either. I believe it uses heuristics, it doesn’t scan the entire file to make sure it’s completely valid. E.g. if it begins with something like <html> it will say it’s text/html, it’s not going to parse the entire thing to make sure it’s all correct.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I was reading through the documentation at php.net link and came along the following

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply