Check File extension in php when file upload

Question

I have check extension of uploaded file in php if jpg|png|gif than upload otherwise not allow to upload

$allowed =  array('gif','png' ,'jpg');
$filename = $_FILES['video_file']['name'];
$ext = pathinfo($filename, PATHINFO_EXTENSION);
if(!in_array($ext,$allowed) ) {
    echo 'error';
}

but what happen when i change .php or .mp3 file to jpg|png|gif and upload

so how i can stop this type of file upload in php

gif, png and jpgs are allowed so they would be uploaded. What exactly do you want to do? — Dieter Kräutl, Aug 30 '18 at 13:24

score 2 · Answer 1 · answered Aug 30 '18 at 13:26

2

With this you can get the mimetype and can check against your "whitelist":

 $finfo = finfo_open(FILEINFO_MIME_TYPE);
 echo finfo_file($finfo, $filename);

answered Aug 30 '18 at 13:26

BlackNetworkBit

768
11
21

Check File extension in php when file upload

1 Answers1