$ _FILES [“文件"] [“类型"]和end之间有什么区别(explode(“.",$ _ FILES [“文件"] [“名称"])) [英] What is the difference between $_FILES["file"]["type"] and end(explode(".", $_FILES["file"]["name"]))
问题描述
我使用var_dump(@$_FILES['file']['type'])
测试我上传的文件类型
I use var_dump(@$_FILES['file']['type'])
to test file type I uploaded
首先,我上传了一个名为"uninstall.exe
"的exe file
,它返回了
First, I uploaded an exe file
called "uninstall.exe
", and it returned
"string 'application/octet-stream' (length=24)"
然后,我将该文件重命名为uninstall.png
,它返回
Then, I renamed this file to uninstall.png
, it returned
string 'image/png' (length=9)
我的结论是: $ _ FILES ['file'] ['type']仅检查文件扩展名,而不检查原始文件类型.
以下代码来自 w3cschool :
$allowedExts = array("gif", "jpeg", "jpg", "png");
$extension = end(explode(".", $_FILES["file"]["name"]));
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 20000)
&& in_array($extension, $allowedExts))
我认为上述代码中的$_FILES["file"]["type"]
是不必要的,我们只需使用explode()
和in_array
I think $_FILES["file"]["type"]
in above codes is unnecessary, we can just check file extension using explode()
and in_array
我只是一个PHP初学者,有人可以确认我的想法吗?谢谢!
I'm just a php beginner, can someone confirm my idea? Thanks!
推荐答案
您绝对正确. MIME类型由客户端提供,您不能保证它是正确的.因此,文件扩展名也是如此.如果需要完全确定,则需要查看文件内容.
You're absolutely correct. The MIME type is provided by the client and you cannot guarantee it is correct. For that matter, so is the file extension. If you need to be completely sure, you need to look at the file contents.
这篇关于$ _FILES [“文件"] [“类型"]和end之间有什么区别(explode(“.",$ _ FILES [“文件"] [“名称"]))的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!