$ _FILES [“文件"] [“类型"]和end之间有什么区别(explode(“."，$ _ FILES [“文件"] [“名称"])) [英] What is the difference between $_FILES["file"]["type"] and end(explode(".", $_FILES["file"]["name"]))

问题描述

我使用var_dump(@$_FILES['file']['type'])测试我上传的文件类型

I use var_dump(@$_FILES['file']['type']) to test file type I uploaded

首先，我上传了一个名为"uninstall.exe"的exe file，它返回了

First, I uploaded an exe file called "uninstall.exe", and it returned

"string 'application/octet-stream' (length=24)"

然后，我将该文件重命名为uninstall.png，它返回

Then, I renamed this file to uninstall.png, it returned

string 'image/png' (length=9)

我的结论是: $ _ FILES ['file'] ['type']仅检查文件扩展名，而不检查原始文件类型.

以下代码来自 w3cschool :

$allowedExts = array("gif", "jpeg", "jpg", "png");
$extension = end(explode(".", $_FILES["file"]["name"]));
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 20000)
&& in_array($extension, $allowedExts))

我认为上述代码中的$_FILES["file"]["type"]是不必要的，我们只需使用explode()和in_array

I think $_FILES["file"]["type"] in above codes is unnecessary, we can just check file extension using explode() and in_array

我只是一个PHP初学者，有人可以确认我的想法吗?谢谢！

I'm just a php beginner, can someone confirm my idea? Thanks!

推荐答案

您绝对正确. MIME类型由客户端提供，您不能保证它是正确的.因此，文件扩展名也是如此.如果需要完全确定，则需要查看文件内容.

You're absolutely correct. The MIME type is provided by the client and you cannot guarantee it is cor­rect. For that matter, so is the file extension. If you need to be completely sure, you need to look at the file contents.

这篇关于$ _FILES [“文件"] [“类型"]和end之间有什么区别(explode(“."，$ _ FILES [“文件"] [“名称"]))的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！