Home > Archive > PHP Language > February 2007 > how to safety upload jpeg
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
how to safety upload jpeg
|
|
|
| how can i check if file which user upload at server is truly jpeg, and
is not hacking script 'script.php' which name was changed at
script.jpg. checking mime type doesn't solve it?
| |
|
| Gene <ox.gene@wp.pl> wrote:
> how can i check if file which user upload at server is truly jpeg, and
> is not hacking script 'script.php' which name was changed at
> script.jpg. checking mime type doesn't solve it?
I usually abuse getimagesize() for that.
--
Rik Wasmus
| |
| OmegaJunior 2007-02-05, 7:58 am |
| On Sun, 04 Feb 2007 01:23:43 +0100, Gene <ox.gene@wp.pl> wrote:
> how can i check if file which user upload at server is truly jpeg, and
> is not hacking script 'script.php' which name was changed at
> script.jpg. checking mime type doesn't solve it?
>
You upload it to the server anyway, and have the server tell you what kind
of file it is, instead of the browser.
--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
|
|
|
|
|