Possible Duplicate: How to check if an uploaded file is an image without mime

Question

0

Asked: June 16, 20262026-06-16T17:20:04+00:00 2026-06-16T17:20:04+00:00

Possible Duplicate: How to check if an uploaded file is an image without mime

0

Possible Duplicate:
How to check if an uploaded file is an image without mime type?
uploading, processing, storing and delivering user-provided files and images

i have image sharing script, i made half of it.
the user can rename any php or cgi file to .jpg and upload it and it upload succfully

How to prevent uploading such fake images?

here is my way to check the file type

 $userfile_type = $_FILES['file']['type'];

and when i rename php file to php.jpg it can be uploaded easly.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-16T17:20:06+00:00

// return mime type ala mimetype extension
$finfo = finfo_open(FILEINFO_MIME_TYPE);
    $type = finfo_file($finfo, $tmp_name);
finfo_close($finfo);

This is the server giving you the type of the file and not the browser as in your example.

With GD you can do something like
getimagesize()
which returns zero if the file is not an image

EDIT: “getimagesize is not a GD library function. It’s native to PHP” Thanks Vivek

Happy coding !!

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Possible Duplicate: How to check if an uploaded file is an image without mime

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply