have searched high and low and can not seem to find the best way to make an uplaod script that is secure. Checking just for the extension or even the header type is not the way to go...so what is? I need to allow secure uploads of swf files and jpg files only. How can check that the uploaded files are indeed jpg or swf? Any help would be greatly appreciated
JPG/SWF can be checked with getimagesize from php more help http://www.php.net/getimagesize but SWF can execute code... keep that in mind.. so don't allow both JPG and SWF to execute code (for example in htaccess)