0

How do I check what file $_FILES is? I've seen ways, where MIME-TYPE is used, but I've read that checking the MIME-TYPE is not a save method. I know how it works with images. There you can use Attributes like "IMAGE_JPG" or "IMAGE_PNG". But "TEXT_HTML" doesnt exist.

So please help me, i would like to use the only proper Way.

Wahyu Kristianto
  • 8,719
  • 6
  • 43
  • 68

2 Answers2

2

mime_content_type can helps you.

Returns the MIME content type for a file as determined by using information from the magic.mime file.

if(mime_content_type($_FILES['name']) == 'text/html'){
    // HTML file
}

If you want to check another mime-types, you can see my gist.

Wahyu Kristianto
  • 8,719
  • 6
  • 43
  • 68
  • Yes, but the MIME-TYPE is easy to change by the user. This is not a save method. –  Sep 23 '18 at 13:12
  • Did you try it? :) Try to change your image extension to another – Wahyu Kristianto Sep 23 '18 at 13:17
  • 1
    @MyNameisKev One thing is the mime key on the $_FILES variable, that is set by the browser. But suggested solution runs checks on the uploaded file itself independently. – msg Sep 23 '18 at 13:20
  • So.. what should i use? Pathinfo or mime_content_type? What is more secure? –  Sep 23 '18 at 13:29
  • **`pathinfo` is just information about the file**. You have `test.php`, `pathinfo` will show `.php` extension. If you change `.php` to `.html`, `pathinfo` will show `.html` extension. Just information about the file. – Wahyu Kristianto Sep 23 '18 at 13:35
0

Use pathinfo()

$file_parts = pathinfo($filename);
switch($file_parts['extension'])
{
    case "html":
    each 'Your file is HTML file';
    break;
 }
Wahyu Kristianto
  • 8,719
  • 6
  • 43
  • 68
Osama
  • 2,912
  • 1
  • 12
  • 15