Hi. I want to know if file['type'] of a csv file. But if somebody change the file extension, for example: filename.jpg is changed to filename.csv. The $file['type'] is 'application/vnd.ms-excel' like a real csv file. How to restricting that?
Use built in php functions. Blindly doing it on the type bit is useless. Look into the fileinfo class at php.net: http://php.net/manual/en/book.fileinfo.php
That is very true, it all depends on what you want to do with the files afterwards - if they're publicly viewable, you might want to go into more depth to try to discern what the content really is, but as others said, it's relatively easy to spoof a header in a file, to confuse mime-types and such.
I want to upload a CSV file. But I want to validate that file before to get up it. Here http://php.net/manual/en/function.finfo-file.php using a example 1, I have this: <?php $finfo = finfo_open(FILEINFO_MIME_TYPE); $filename = "testdata.csv"; echo finfo_file($finfo, $filename); ?> PHP: I get this: Fatal error: Call to undefined function finfo_open() in C:\work\testing.php on line 2 Code (markup): I using PHP 5.4.19. What is this FILEINFO_MIME_TYPE??
That means your server probably doesn't have fileinfo - try making a phpinfo-file: <?php phpinfo(); ?> Code (markup): Run it, search for "fileinfo" (without the quotes) and see if it's enabled or not.
So, that mean I should to use finfo_open() instead of $_FILES['filename']['type'] Because with finfo_open() no matter what the file extension has. Alway show the correct type content. But $_FILES['filename']['type'] only show "application/vnd.ms-excel" (CSV file) but is other type file with the file extension changed to ".csv" alway show the same.