Home/ Questions/Q 4081798
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T18:06:25+00:00

so now i have <?php if (($_FILES[fileToUpload][type] == image/gif || $_FILES[fileToUpload][type] == image/jpeg ||

  • 0

so now i have 

<?php if (($_FILES["fileToUpload"]["type"] == "image/gif" || $_FILES["fileToUpload"]["type"] == "image/jpeg" || $_FILES["fileToUpload"]["type"] == "image/png") && $_FILES["fileToUpload"]["size"] < 10000000)
  {
  move_uploaded_file($_FILES["fileToUpload"]["tmp_name"],
    "upload/" . $_FILES["fileToUpload"]["name"]);
  }
else
  {
  echo "Files must be either JPEG, GIF, or PNG and less than 10,000 kb";
  }

?>

and im still getting to the else statement. i think i should have everything right. .

here is some html from the page before..

 <form enctype="multipart/form-data" action="upload.php" method="POST">
 Please choose a file: <input name="uploaded" type="file" /><br />
 <input type="submit" value="Upload" />
 </form>

but that shouldnt be the problem

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Checking the mime-type provided in the ['type'] section of $_FILES is insecure. It’s data provided by the client who uploaded the file, and can easily be subverted. It’s best to do a server-side check of the file type and work off your own data, rather than trusting the client to be honest:

    if ($_FILES['uploaded'] === UPLOAD_ERR_OK) {
   // file was successfully uploaded
   $info = getimagesize($_FILES['uploaded']['tmp_name']);
   if (($info['mime'] != 'image/gif') && ($info['mime'] != 'image/jpeg')) {
        // not a jpeg
   } else {
       // upload went ok, do more processing
   }
} else {
   die("File upload error, code #{$_FILES['uploaded']['error']}");
}
    • 0