
In this article, I will show you a cool tip on how to properly validate file MIME types, even if the uploader changes the extension of the file.
I will cover the following in this article:
finfo
Basic knowledge of PHP. Even if you don't know how to upload files and handle them, I have written an article on it:
This is a very basic HTML form. Make sure you have enctype="multipart/form-data":
<form action="store_product.php" method="post" enctype="multipart/form-data">
<div>
<input type="file" name="product_invoice" id="product_invoice">
</div> <br>
<div>
<input type="submit" value="Create Product">
</div>
</form>
When you select a file in the above form and submit it, the upload goes to store_product.php, the PHP file which will handle the file upload with validation.
The following snippet demonstrates the file validation:
/** Store the file details in variable */
$product_invoice = $_FILES['product_invoice'];
/** Uploaded file name */
$file_name = $product_invoice['name'];
$file_tmp = $product_invoice['tmp_name'];
/** Using pathinfo() to get the file extension of file */
$pathinfo = pathinfo($file_name);
/** Files without an extension have no 'extension' key */
$extension = $pathinfo['extension'] ?? '';
/** Collected validation errors */
$errors = [];
/** Allowed extensions */
$file_extensions = ['pdf', 'xls', 'jpeg', 'jpg', 'png', 'svg', 'webp'];
/** Check File extensions */
if (!in_array($extension, $file_extensions)) {
    $errors[] = 'File allowed extensions ' . implode(', ', $file_extensions);
}
The above is wrong because we are validating based on the file extension, which comes from the client-supplied file name. Someone may upload a video and just change the extension to jpeg or pdf.
finfo
To properly validate the file MIME type you need to use finfo, which internally uses finfo_open.
Basically, you use it the following way:
/** Using finfo to just get the MIME type */
$finfo = new finfo(FILEINFO_MIME_TYPE);
/** Returns the MIME type detected from the file contents, e.g. image/jpeg */
$mime_type = $finfo->file($file_tmp);
The full example is as follows:
/** Store the file details in variable */
$product_invoice = $_FILES['product_invoice'];
/** Uploaded file name */
$file_name = $product_invoice['name'];
/** Temporary path of the uploaded file on the server */
$file_tmp = $product_invoice['tmp_name'];
/** Collected validation errors */
$errors = [];
/** Allowed MIME types */
$allowed_mime_types = ['image/jpeg', 'image/pjpeg', 'application/pdf'];
/** Using finfo to just get the MIME type */
$finfo = new finfo(FILEINFO_MIME_TYPE);
/** MIME type detected from the file contents, e.g. image/jpeg */
$mime_type = $finfo->file($file_tmp);
/** Check the detected MIME type against the allowed list */
if (!in_array($mime_type, $allowed_mime_types, true)) {
    $errors[] = 'Allowed file types: ' . implode(', ', $allowed_mime_types);
}
I don't want to reinvent the wheel. So here is the link for the CODEIGNITER FRAMEWORK MIME TYPES
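The check above, taken one step further as an added example (not code from the original article): the stored file name and extension are derived from the detected MIME type instead of the client-supplied name, and the upload error code and size are checked first. The names allowed_extension_for, store_upload, ALLOWED_TYPES and the 5 MB MAX_BYTES limit are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

/** Allowlist: detected MIME type => extension we will store the file under. */
const ALLOWED_TYPES = [
    'image/jpeg'      => 'jpg',
    'image/png'       => 'png',
    'application/pdf' => 'pdf',
];
const MAX_BYTES = 5 * 1024 * 1024; // assumed size limit, adjust as needed

/** Returns the storage extension for an allowed file, or null if rejected. */
function allowed_extension_for(string $path): ?string
{
    $size = filesize($path);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        return null;
    }
    // The MIME type comes from the file's bytes, not from its name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    return ($mime !== false) ? (ALLOWED_TYPES[$mime] ?? null) : null;
}

/** Validates one $_FILES entry and stores it under a server-chosen name. */
function store_upload(array $file, string $dest_dir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $ext = allowed_extension_for($file['tmp_name']);
    if ($ext === null) {
        return null;
    }
    // Never reuse the client's name or extension; generate our own.
    $target = $dest_dir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}

// Constructed sample inputs: a PDF header, and a script renamed to .pdf.
$samples = ['real.pdf' => "%PDF-1.4\n%%EOF\n", 'fake.pdf' => "<?php echo 'x';\n"];
foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    echo $name, ' => ', allowed_extension_for($tmp) ?? 'rejected', PHP_EOL;
    unlink($tmp);
}
```

finfo inspects only the leading bytes of a file, so a file can pass this check and still carry other content after a valid header. Storing uploads under a generated name with the allowlisted extension, in a directory the web server does not execute scripts from, keeps such a file inert.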
Hope you liked the article. If yes then please do share with your friends.