I think the function you are looking for is mime_content_type(). You can compare the output of this function with $_FILES[uploads][type] and if they do not match, then you have an evil user uploading (for example) .exe files renamed to .gif. See more details of that function here: http://www.php.net/manual/en/function.mime-content-type.php Find some useful security tips here: http://php.about.com/od/advancedphp/qt/upload_security.htm. As a rule of thumb, I always assume any userland interface will be abused by clever, cunning and evil users, thus design the code to cater for this. On 6/17/09, Frankline Chitwa <frank.chitwa@gmail.com> wrote:

Check file type. e.g if your form had <input type="file" name="uploads"/>

the your php should have $_FILES[uploads][type]

On Wed, Jun 17, 2009 at 10:14 AM, Peter Kipkoech <peter.kipkoech@gmail.com>wrote:

...

Hey Skunkers,

Is there a PHP function/class that for performing MIME Type validation. The form is currently using the upload file extension to validate file uploads,I later realized its susceptible to abuse especially from Windows users. -- Nothing’s impossible the impossible just takes a little longer.

_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general