How to Determine the Uploaded File Type With PHP

By | January 27, 2010

Nowadays file upload is widely used on the web. We upload pictures, archives and videos and often don’t think how these files are handled by our server. In this post I’m going to show you several solutions for file upload in PHP, that allow to determine what kind of file was uploaded using a form.

The first option is related to the $_FILES array. When a file is uploaded, it is placed into a temporary directory and we use PHP functions to move it to the place we need. Let’s take a simple form to understand how it is processed.

<form enctype="multipart/form-data" action="upload.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="200000" />
Choose a file to upload: <input name="file" type="file" /><br />
<input type="submit" value="Upload File" />
</form>

Here is how it looks like:


Choose a file to upload:

It’s just a simple form that asks for a file to upload. When the form is filled, it is processed by upload.php. When the upload.php file is executed, the uploaded file is placed into a temporary storage area on the server. If the file is not moved to a different location it will be deleted! To save our file we are going to check whether it suits our needs (for example, we need to upload images only). Then we will use the $_FILES associative array.

We will need some elements of this array in order to process our file.

file – file is the reference we assigned in our HTML form. We will need this to tell the $_FILES array which file we want to play around with.
$_FILES[‘file’][‘name’] – name contains the original path of the user uploaded file.
$_FILES[‘file’][‘tmp_name’] – tmp_name contains the path to the temporary file.
$_FILES[“file”][“type”] describes the type of the file, and it is determined automatically, so there is no way for a user to upload a bad file.

In order to check our file for file type we will use several methods. The first one, as I have already told, is related to $_FILES array. I suppose we need just 3 types of images: jpg, gif and png. Here is the code:

switch($_FILES['file']['type'])
{
case "image/jpeg":
{
// Do something here
break;
}
case "image/gif":
{
// Do something with gif here
break;
}
case "image/png":
{
// Do something with png
}
default:
{
break;
}
}

This will allow you to determine whether your matches your desired type. There is another way to do this, using mime_content_type(). The code is almost the same.

switch (mime_content_type($_FILES['file']['tmp_name']))
{
case "image/jpeg":
{
// Do something here
break;
}
case "image/gif":
{
// Do something with gif here
break;
}
case "image/png":
{
// Do something with png
}
default:
{
break;
}
}

The examples above will let you know whether the file being uploaded is really the one you expect. Sometimes people check just file names for “.jpg”, and “.gif” and that’s a bad practice, as this way I will be able to upload file.jpg.exe and so on. Hope this post helps you to deal with files more securely.

One thought on “How to Determine the Uploaded File Type With PHP

  1. Pingback: How to Determine the Uploaded File Type With PHP | LAMPdocs: Linux … | Drakz Free Online Service

Comments are closed.