Protect file uploads via PHP

Posted June 12, 2009
Filed under: 1, 1st PHP Web, Linux, OOPS, PHP, htaccess, ~Tips~ | Tags: file upload, get mime type, get mime type in php, getid3 for mime type, protect from hackers, protect uploaded file |

Check server-side MIME type of uploaded files

The PHP form variable $_FILES['file']['type'] does not return correct mime type, so we have to use some php functions like…….
> finfo_file()
> getimagesize()
> exif_imagetype()


if(version_compare(substr(PHP_VERSION,0,1),5) == -1)
{
$san	= finfo_open(FILEINFO_MIME);
$mime	= finfo_file($san,$FileName);
$tmpvar = explode(";", $mime);
finfo_close($san);
if($mime == "image/jpeg")
{
echo "this is jpeg";
}
else
{
echo "this is not jpeg";
}
}

One can use getID3 [http://getid3.sourceforge.net/] classes to get mime type other than images….

Don’t upload to a web accessible directory

Protect your directory to execute perticular file type by putting a .htacces file in directory

AddType text/plain .php .js .cgi

more help here:
http://www.askapache.com/htaccess/mod_rewrite-tips-and-tricks.html

M	T	W	T	F	S	S
« May				Jul »
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

	SANJU GUJRAL on Read PDF and Word DOC Files Us…
	Patrick on nameservers on EC2
	jamesburns00 on Google Tricks
	Sandeep Verma on Install Fonts in Fedora
	rollerfebaybe on Install Fonts in Fedora

Sandeep Verma

Protect file uploads via PHP

No comments yet

Leave a reply

Blog Stats

Time Stamp

Google Search

Categories

Recent Comments

Top Clicks

Archives

Blogroll

Rich Site Summary

Hot Tags

Recent Posts

What is spam?

Pages

Meta Keywords