1

Some weird case when I tried a simple php code to check the file type and it couldn't pass through. Any mistake from the below code ? Thanks in advance.

if(($_FILES["file"]["type"]!="image/jpeg")||
            ($_FILES["file"]["type"]!="image/gif")||
            ($_FILES["file"]["type"]!="image/png")){
            echo "File must be in format of jpeg,gif or png.";
        }
hakre
  • 193,403
  • 52
  • 435
  • 836
Eric T
  • 1,026
  • 3
  • 20
  • 42
  • You have `enctype="multipart/form-data"` in your html form right? If yes and you can print_r $_FILES then look for answer what @deceze gave. – arma Apr 10 '11 at 02:08

4 Answers4

5

"Not a JPEG", "not a GIF", "not a PNG". At least two of these conditions have to be true. Since you're using ||, if any of these is true, the whole if condition is true.

You're looking for "is not JPEG and is not GIF and is not PNG".

Apart from that, you can use the much more succinct form:

!in_array($_FILES["file"]["type"], array('image/jpeg', 'image/gif', 'image/png'))

Also, the $_FILES["file"]["type"] is user supplied information which you shouldn't trust. You should try to figure out the MIME type yourself from the file itself. For example, see How to get the content-type of a file in PHP?.

Community
  • 1
  • 1
deceze
  • 510,633
  • 85
  • 743
  • 889
1

mime_content_type('php.gif') will output image/gif

Craig White
  • 13,492
  • 4
  • 23
  • 36
  • thanks for remind me about the type being check using mime as deceze mention this too. Thanks guys. – Eric T Apr 10 '11 at 02:10
1

Your conditionals are wrong, you want "&&" rather than "||". Also, $_FILES["file"]["type"] is the type as reported by the browser, so it may well be incorrect or missing. Have you tried logging it to see what exactly the browser is sending?

You'd be much better served by using FileInfo or the like to check the type, or seeing if GD or another image processing extension accepts it.

Anomie
  • 92,546
  • 13
  • 126
  • 145
0

I would prefer getimagesize() to avoid problems with the mime-types, especially of JPEGs, where are a lot of mime-types are possible.(As Anomie wrote $_FILES["file"]["type"] is the type as reported by the browser).

Try it, take some exotic filetype and give it an extension like .gif or .jpg.

$_FILES["file"]["type"] will report something like 'image.gif' or 'image.jpeg', but getimagesize() will return false, because it detects that the file is not an image.

This can be used to upload e.g. PHP-scripts onto the server.

Also note: never trust any uploaded file, images may be correct but can also contain PHP-code inside comments. So be sure that those images never can be included by any PHP-script on your server.(additionally you could check the image for PHP-code)

Dr.Molle
  • 116,463
  • 16
  • 195
  • 201