Have a look at my file upload article at:
http://p2p.wrox.com/topic.asp?TOPIC_ID=12104
You can see in this file a simple check of the MIME type.
Code:
// image. MIME type testing isn't foolproof, it is possible to spoof this.
// The size testing, however, is not spoofable.
if (($_FILES['userfile']['size'] <= 10000) && ($_FILES['userfile']['type'] == 'image/jpeg' || $_FILES['userfile']['type'] == 'image/pjpeg'))
{
// Give the file a new name to prevent one user from overwriting files
If you want something more foolproof, and don't mind the extra overhead you can also add a call to a function that returns the image's dimensions.
if (@getimagesize($_FILES['userfile']['tmp_name']))
This function call in most contexts would return the image's width and height in pixels as an array. Here I'm simply using the function to verify that a valid image file has been supplied.
See:
http://www.php.net/getimagesize
I also added error supression because this function throws a warning if the file supplied is not a valid image.
Regards,
Rich
::::::::::::::::::::::::::::::::::::::::::
The Spicy Peanut Project
http://www.spicypeanut.net
::::::::::::::::::::::::::::::::::::::::::