Hi group,
I have following code for uploading a file in PHP:
$target = "/var/www/html/sa/usr_bg_imgs/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$ext = $_FILES['uploaded']['type'];
However, $_FILES['uploaded']['type'] will not work for JPG files since
it returns nothing!
It works fine for other files. For example for gif files I do get:
image/gif as MIME and text/plain for text files but when I try
test.jpg it doesn't recognize the MIME type.
This is an issue since checking the physical file extension is not a
right way in terms of security. What should I do?
Is this a PHP bug?!
Thanks. 8 1382
..oO(amit)
>I have following code for uploading a file in PHP:
$target = "/var/www/html/sa/usr_bg_imgs/"; $target = $target . basename( $_FILES['uploaded']['name']) ; $ext = $_FILES['uploaded']['type'];
However, $_FILES['uploaded']['type'] will not work for JPG files since it returns nothing!
It works fine for other files. For example for gif files I do get: image/gif as MIME and text/plain for text files but when I try test.jpg it doesn't recognize the MIME type.
This is an issue since checking the physical file extension is not a right way in terms of security. What should I do?
Check the file content, that's the only (almost) reliable way. If it's
just for images, use getimagesize(). For other file types it can get
more difficult. The PECL extension Fileinfo might be helpful. http://pecl.php.net/package/fileinfo
>Is this a PHP bug?!
No. Informations like file extension and content type are sent by the
browser, hence completely unreliable. They don't have to be there at
all, so you have to check the file content.
Micha
On Mar 19, 5:05*pm, Michael Fesser <neti...@gmx.dewrote:
.oO(amit)
I have following code for uploading a file in PHP:
$target = "/var/www/html/sa/usr_bg_imgs/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$ext * *= $_FILES['uploaded']['type'];
However, $_FILES['uploaded']['type'] will not work for JPG files since
it returns nothing!
It works fine for other files. For example for gif files I do get:
image/gif as MIME and text/plain for text files but when I try
test.jpg it doesn't recognize the MIME type.
This is an issue since checking the physical file extension is not a
right way in terms of security. What should I do?
Check the file content, that's the only (almost) reliable way. If it's
just for images, use getimagesize(). For other file types it can get
more difficult. The PECL extension Fileinfo might be helpful.
http://pecl.php.net/package/fileinfo
Is this a PHP bug?!
No. Informations like file extension and content type are sent by the
browser, hence completely unreliable. They don't have to be there at
all, so you have to check the file content.
Micha
Hi Micha,
Thank you so much. yes, I'm using it for uploading image files so you
are saying using getimagesize() is a good way to recognize its
validation. Right?
Regards.
On Mar 19, 5:05*pm, Michael Fesser <neti...@gmx.dewrote:
.oO(amit)
I have following code for uploading a file in PHP:
$target = "/var/www/html/sa/usr_bg_imgs/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$ext * *= $_FILES['uploaded']['type'];
However, $_FILES['uploaded']['type'] will not work for JPG files since
it returns nothing!
It works fine for other files. For example for gif files I do get:
image/gif as MIME and text/plain for text files but when I try
test.jpg it doesn't recognize the MIME type.
This is an issue since checking the physical file extension is not a
right way in terms of security. What should I do?
Check the file content, that's the only (almost) reliable way. If it's
just for images, use getimagesize(). For other file types it can get
more difficult. The PECL extension Fileinfo might be helpful.
http://pecl.php.net/package/fileinfo
Is this a PHP bug?!
No. Informations like file extension and content type are sent by the
browser, hence completely unreliable. They don't have to be there at
all, so you have to check the file content.
Micha
One thing is that I tried it as
$size = getimagesize($target);
print_r($size);
However, it doesn't show the output sometimes and I see a blank page
only. Any comments?
Thanks.
..oO(amit)
>Thank you so much. yes, I'm using it for uploading image files so you are saying using getimagesize() is a good way to recognize its validation. Right?
Yep. This function returns informations about the image if it is an
image actually. See the manual for details and supported image types.
Micha
..oO(amit)
>One thing is that I tried it as
$size = getimagesize($target); print_r($size);
However, it doesn't show the output sometimes and I see a blank page only. Any comments?
Maybe $target wasn't image data recognized by getimagesize()? It only
supports a handful of formats.
Micha
On Mar 19, 5:26*pm, Michael Fesser <neti...@gmx.dewrote:
.oO(amit)
One thing is that I tried it as
* *$size = getimagesize($target);
* *print_r($size);
However, it doesn't show the output sometimes and I see a blank page
only. Any comments?
Maybe $target wasn't image data recognized by getimagesize()? It only
supports a handful of formats.
Micha
No, it is a JPG file and I can open it using Paint. I can also check
the width=200 and height=200 using Paitn/Photoshop!
On Mar 19, 5:26*pm, Michael Fesser <neti...@gmx.dewrote:
.oO(amit)
One thing is that I tried it as
* *$size = getimagesize($target);
* *print_r($size);
However, it doesn't show the output sometimes and I see a blank page
only. Any comments?
Maybe $target wasn't image data recognized by getimagesize()? It only
supports a handful of formats.
Micha
This is so strange:
I upload the file without any restriciton (for now) then I haveL
$size = getimagesize($target);
print_r($size);
However, it shows nothing. It is a JPG file and as far as I know it is
supported.
Thanks.
On Mar 19, 5:26*pm, Michael Fesser <neti...@gmx.dewrote:
.oO(amit)
One thing is that I tried it as
* *$size = getimagesize($target);
* *print_r($size);
However, it doesn't show the output sometimes and I see a blank page
only. Any comments?
Maybe $target wasn't image data recognized by getimagesize()? It only
supports a handful of formats.
Micha
Micha,
Please ignore my last comment I checked the log file and found an
issue. Thank you so much. now works fine.
Regards. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: William C. White |
last post by:
Does anyone know of a way to use PHP /w Authorize.net AIM without using
cURL? Our website is hosted on a shared drive and the webhost company
doesn't installed additional software (such as cURL)...
|
by: Albert Ahtenberg |
last post by:
Hello,
I don't know if it is only me but I was sure that header("Location:url")
redirects the browser instantly to URL, or at least stops the execution of
the code. But appearantely it continues...
|
by: James |
last post by:
Hi,
I have a form with 2 fields.
'A'
'B'
The user completes one of the fields and the form is submitted.
On the results page I want to run a query, but this will change
subject to which...
|
by: Ollivier Robert |
last post by:
Hello,
I'm trying to link PHP with Oracle 9.2.0/OCI8 with gcc 3.2.3 on a Solaris9
system. The link succeeds but everytime I try to run php, I get a SEGV from
inside the libcnltsh.so library.
...
|
by: Richard Galli |
last post by:
I want viewers to compare state laws on a single subject.
Imagine a three-column table with a drop-down box on the top. A viewer
selects a state from the list, and that state's text fills the...
|
by: Albert Ahtenberg |
last post by:
Hello,
I have two questions.
1. When the user presses the back button and returns to a form he filled
the form is reseted. How do I leave there the values he inserted?
2. When the...
|
by: inderjit S Gabrie |
last post by:
Hi all
Here is the scenerio ...is it possibly to do this...
i am getting valid course dates output on to a web which i have designed
....all is okay so far , look at the following web url
...
|
by: Jack |
last post by:
Hi All,
What is the PHP equivilent of Oracle bind variables in a SQL statement, e.g.
select x from y where z=:parameter
Which in asp/jsp would be followed by some statements to bind a value...
|
by: Sandwick |
last post by:
I am trying to change the size of a drawing so they are all 3x3.
the script below is what i was trying to use to cut it in half ... I
get errors.
I can display the normal picture but not the...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |