1

For some reason the image type displays as "application/png" in IE 7 and Edge but "image/png" in Chrome and Firefox. I've tried several different images; JPEGs do the same thing. Is this normal? Should I include an or statement to account for the "application/png"? Or am I doing something wrong?

    if ((($screenshot_type == 'image/gif') || ($screenshot_type == 'image/jpeg') ||
        ($screenshot_type == 'image/pjpeg') || ($screenshot_type == 'image/png')) &&
        (($screenshot_size > 0) && ($screenshot_size <= GW_MAXFILESIZE))) {
        if ($_FILES['screenshot']['error'] == 0) {

            // Move the file to the target upload folder
            $target = GW_UPLOADPATH . $screenshot;
            if (move_uploaded_file($_FILES['screenshot']['tmp_name'], $target)) {
                // Connect to the database
                $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME)
                    or die('Unable to connect to database');
                // Write the data to the database
                $query = "INSERT INTO guitarwars VALUES (0, NOW(), '$name', '$score', '$screenshot')";
                mysqli_query($dbc, $query)
                    or die('Unable to complete query');

                // Confirm success with the user
                echo '<p>Thanks for adding your new high score!</p>';
                echo '<p><strong>Name:</strong> ' . $name . '<br>';
                echo '<strong>Score:</strong> ' . $score . '</p>';
                echo '<img src="' . GW_UPLOADPATH . $screenshot . '" alt="Score image" />';
                echo '<p><a href="index.php">&lt;&lt; Back to high scores</a></p>';

                // Clear the score data to clear the form
                $name = "";
                $score = "";
                $screenshot = "";

                mysqli_close($dbc);
            }
            else {
                echo '<p class="error">Sorry, there was a problem uploading your screen shot image.</p>';
            }
        }
    }
    else {
        echo '<p class="error">The screen shot must be a GIF, JPEG, or PNG image file no ' .
            'greater than ' . (GW_MAXFILESIZE / 1024) . ' KB in size.<br>' . $screenshot_size . '<br>' . $screenshot_type . '</p>';
    }
Melvin
  • 150
  • 1
  • 17
  • You better check for [file extension, than for mime type](http://stackoverflow.com/questions/7349473/php-file-upload-mime-or-extension-based-verification). – shaggy May 01 '17 at 00:54

1 Answer

-1

Different browsers and operating systems supply different mime-types. You should perhaps instead just use http://php.net/getimagesize on the uploaded file, and switch on $getimagesizeresult[2] with cases for IMG_PNG, IMG_JPG, IMG_GIF and apply an appropriate mime type on your own.

faffaffaff
  • 3,429
  • 16
  • 27
  • Sorry, I downvoted because your answer isn't safe; getimagesize is not safe when dealing with files uploaded by customers, the link itself says so. But then I saw that query code in the question, and it's not using prepared statements, which is also not safe. Hopefully nobody uses the question or answer for public image uploads. – Tom Anderson Aug 31 '23 at 04:45
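
One way to stop depending on the browser-reported type, as an added example that is not code from the question, the answer, or the comments: the type is read from the uploaded file's bytes with PHP's fileinfo extension instead of `$_FILES['screenshot']['type']`, the stored filename is generated on the server, and the insert uses a prepared statement. The constant values, the function names `gw_detect_image_type` and `gw_store_screenshot`, and the three-string column binding are assumptions; content sniffing narrows the accepted types but does not prove a file is harmless.

```php
<?php
// Assumed values; the question uses these constant names but does not show them.
define('GW_UPLOADPATH', 'images/');
define('GW_MAXFILESIZE', 32768);

// Allow-list: MIME type detected from file content => extension the server assigns.
const GW_ALLOWED = ['image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/png' => 'png'];

// Returns the MIME type sniffed from the file's bytes, or null if it is not allowed.
// The browser-supplied $_FILES[...]['type'] is never consulted.
function gw_detect_image_type(string $path): ?string
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($path);
    return ($mime !== false && array_key_exists($mime, GW_ALLOWED)) ? $mime : null;
}

// Validates one $_FILES entry, stores it under a random name, records the score.
// Returns the stored filename, or null if any check or step fails.
function gw_store_screenshot(array $file, mysqli $dbc, string $name, string $score): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK
        || $file['size'] <= 0 || $file['size'] > GW_MAXFILESIZE
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $mime = gw_detect_image_type($file['tmp_name']);
    if ($mime === null) {
        return null;
    }

    // Server-chosen name: the client's filename never reaches the disk or the query.
    $stored = bin2hex(random_bytes(16)) . '.' . GW_ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], GW_UPLOADPATH . $stored)) {
        return null;
    }

    // Placeholders keep $name and $score out of the SQL text.
    $stmt = $dbc->prepare('INSERT INTO guitarwars VALUES (0, NOW(), ?, ?, ?)');
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('sss', $name, $score, $stored);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok ? $stored : null;
}
```

When echoing `$name` and `$score` back to the page, pass them through `htmlspecialchars()` first.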