如何判断某人是否伪造了文件类型? (PHP) [英] How do I tell if someone's faking a filetype? (PHP)

问题描述

我正在编写一些程序，允许用户将文档和图片存储在Web服务器上，以便以后存储和检索.当用户将文件上传到我的服务器时，PHP会告诉我基于扩展名的文件类型.但是，恐怕用户会将zip文件重命名为somezipfile.png并将其存储，从而将zip文件保留在我的服务器上.是否有任何合理的方法来打开上传的文件并检查"它是否确实属于所述文件类型?

I'm programming something that allows users to store documents and pictures on a webserver, to be stored and retrieved later. When users upload files to my server, PHP tells me what filetype it is based on the extension. However, I'm afraid that users could rename a zip file as somezipfile.png and store it, thus keeping a zip file on my server. Is there any reasonable way to open an uploaded file and "check" to see if it truly is of the said filetype?

推荐答案

魔术数.如果您可以读取二进制文件的前几个字节，则可以知道它是哪种文件.

Magic number. If you can read first few bytes of a binary file you can know what kind of file it is.

这篇关于如何判断某人是否伪造了文件类型? (PHP)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！