我如何判断是否有人伪造文件类型?(PHP)
我正在编写一些程序,允许用户在网络服务器上存储文档和图片,以便以后存储和检索.当用户将文件上传到我的服务器时,PHP 会根据扩展名告诉我它是什么文件类型.但是,我担心用户可以将 zip 文件重命名为 somezipfile.png 并存储它,从而在我的服务器上保留一个 zip 文件.有什么合理的方法可以打开上传的文件并检查"它是否真的属于上述文件类型?
I'm programming something that allows users to store documents and pictures on a webserver, to be stored and retrieved later. When users upload files to my server, PHP tells me what filetype it is based on the extension. However, I'm afraid that users could rename a zip file as somezipfile.png and store it, thus keeping a zip file on my server. Is there any reasonable way to open an uploaded file and "check" to see if it truly is of the said filetype?
推荐答案
幻数.如果您可以读取二进制文件的前几个字节,您就可以知道它是什么类型的文件.
Magic number. If you can read first few bytes of a binary file you can know what kind of file it is.
相关文章