What i want is the actual file contents to be validated. I.e if the file is a pdf, i want to check that it really is a pdf. And not another file type in disguise.
for example, the following works with images and pdf's but not for word files
$file = 'example.pdf'; // pdf gives pdf, images give correct image, but doc and docx gives zip
$file_info = new finfo(FILEINFO_MIME);
echo $mime_type = $file_info->buffer(file_get_contents($file));
Ah, I see. Sorry I thought you were trying to get users to upload a php file. My apologies.
Your server settings should prevent php files from being 'run' unless they have a .php extension. *I think*