如何在PHP中检查上传的文件类型
我用这段代码来检查图像的类型,
I used this code to check for the type of images,
$f_type=$_FILES['fupload']['type'];
if ($f_type== "image/gif" OR $f_type== "image/png" OR $f_type== "image/jpeg" OR $f_type== "image/JPEG" OR $f_type== "image/PNG" OR $f_type== "image/GIF")
{
$error=False;
}
else
{
$error=True;
}
但有些用户抱怨他们在上传任何类型的图像时出错,而有些用户则没有出错!
but some users complain they get an error while uploading any type of images, while some others don't get any errors!
我想知道这是否能解决问题:
I was wondering if this fixes the problem:
if (mime_content_type($_FILES['fupload']['type']) == "image/gif"){...
有什么意见吗?
推荐答案
永远不要使用 $_FILES..['type'].其中包含的信息根本没有经过验证,它是用户定义的值.自己测试类型.对于图片,exif_imagetype 通常是一个不错的选择选择:
Never use $_FILES..['type']. The information contained in it is not verified at all, it's a user-defined value. Test the type yourself. For images, exif_imagetype is usually a good choice:
$allowedTypes = array(IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_GIF);
$detectedType = exif_imagetype($_FILES['fupload']['tmp_name']);
$error = !in_array($detectedType, $allowedTypes);
或者,finfo 函数 也很棒,如果您的服务器支持它们.
Alternatively, the finfo functions are great, if your server supports them.
相关文章