0

hi, i am a begineer in php, i have written the below code to upload all file type except executable file (.exe file), but whenever i run it in web browser like mozzila it works for me but whenever i try it in google chrome it does not work i mean even .exe files too get uploaded..

upload.php file

<?php
//print_r($_FILES);
if(is_uploaded_file($_FILES['f1']['tmp_name']))
{
$fname=$_FILES['f1']['name'];
echo $fname;
}
$type=$_FILES['f1']['type'];
echo $type;
if($type=="application/octet-stream")
{
echo "not support";
}
else 
if(move_uploaded_file($_FILES['f1']['tmp_name'],"kk/$fname"))
{
echo"file is moved";
}
else
{
echo"not";
}
?>

select.html file
<form method="POST" action="upload.php" enctype="multipart/form-data">
Selectfile:<input name="f1" type="file">
<br>
<input type='submit' name='sub' value='upload'>
</form>

pls can any body help me with this problem..

2
Contributors
1
Reply
12
Views
2 Years
Discussion Span
Last Post by cereal
0

Don't rely on the value returned by the $_FILES array because is set by the client, which can be altered or simply different from what expected. For example some executives will return application/x-dosexec.

Use the finfo library:

$finfo  = new finfo(FILEINFO_MIME_TYPE);
$type   = $finfo->file($file);

if(in_array($type, array('mime', 'blacklist')))
{
    # ... deny ...
}

Docs: http://php.net/manual/en/function.finfo-file.php

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.