Hi all,

I need to figure out how to validate the contents of a file. I know how to do it via mime and extension, but i could still upload, for example, a php file that would satisfy those checks.

Any ideas?



Member Avatar

I don't understand what you're getting at. You want your users to upload php files?

Are these for you to peruse/check or are they supposed to be run in situ?

Seems a bit dodgy to me.

What i want is the actual file contents to be validated. I.e if the file is a pdf, i want to check that it really is a pdf. And not another file type in disguise.

for example, the following works with images and pdf's but not for word files

$file = 'example.pdf'; // pdf gives pdf, images give correct image, but doc and docx gives zip

$file_info = new finfo(FILEINFO_MIME);
echo $mime_type = $file_info->buffer(file_get_contents($file));
Member Avatar

Ah, I see. Sorry I thought you were trying to get users to upload a php file. My apologies.
Your server settings should prevent php files from being 'run' unless they have a .php extension. *I think*