Proper Way To Validate MIME Type Of Files While Handling File Uploads In PHP

In this article, I will show you a cool tip on how to properly validate the file MIME types even if they change the extension of the file.

I will cover the following in this article

1. Basic HTML Form
2. General Old Way Validation (Probably Wrong Way)
3. The Right Way To Validate MIME Type ( finfo )
4. Different MIME Extensions Link

Prerequisites

Basic knowledge on PHP. Even if you don't know how to upload the files and handle it then I have written an article on it:

How To Uploads Files In PHP?

How To Upload Image In PHP?

1) Basic HTML Form

This is very basic HTML form make sure you have enctype="multipart/form-data"

<form action="store_product.php" method="post" enctype="multipart/form-data">
    <div>
        <input type="file" name="product_invoice" id="product_invoice">
    </div> <br>
    <div>
        <input type="submit" value="Create Product">
    </div>
</form>

2) General Old Way Validation (Probably Wrong Way)

From the above form when you select the image and upload it will go to store_product.php PHP file which will handle the file upload with validation.

Following is the snippet code which demonstrates the file validation

/** Store the file details in variable */
$product_invoice    = $_FILES['product_invoice'];

/** Uploaded file name */
$file_name          = $product_invoice['name'];
$file_tmp           = $product_invoice['tmp_name'];

/** Using pathinfo() to get the file extension of file */
$pathinfo           = pathinfo($file_name);
$extension          = $pathinfo['extension'];

/** Allowed extensions */
$file_extensions    = ['pdf', 'xls', 'jpeg', 'jpg', 'png', 'svg', 'webp'];

/** Check File extensions */
if(!in_array($extensio
n, $file_extensions)){
    $errors[] = 'File allowed extensions '. implode(', ', $file_extensions);
}

The above is wrong because we are validating based on file extension. Because someone may upload video & change just the extension to jpeg or pdf.

3) The Right Way To Validate MIME Type ( finfo )

To properly validate the file MIME you need to use finfo which internally uses finfo_open

Basically you use it the following way

/** Using finfo to just get the MIME type */
$finfo      = new finfo(FILEINFO_MIME_TYPE);

/** You will get extension along with the mime types */
$extension  = $finfo->file($file_tmp);

Full detailed on the same as follows

/** Store the file details in variable */
$product_invoice    = $_FILES['product_invoice'];

/** Uploaded file name */
$file_name          = $product_invoice['name'];
$file_tmp           = $product_invoice['tmp_name'];

/** Allowed MIME extensions */
$file_extensions    = ['image/jpeg', 'image/pjpeg', 'application/pdf'];

/** Using finfo to just get the MIME type */
$finfo      = new finfo(FILEINFO_MIME_TYPE);

/** You will get extension along with the mime types */
$extension  = $finfo->file($file_tmp);

/** Check File extensions */
if(!in_array($extension, $file_extensions)){
    $errors[] = 'File allowed extensions '. implode(', ', $file_extensions);
}

4) Diff MIME Extensions Link

I don't want to reinvent the wheel. So here is the link for the CODEIGNITER FRAMEWORK MIME TYPES

Conclusion

Hope you liked the article. If yes then please do share with your friends.

WHATS NEXT?

You might be interest to learn more on composer please find my whole article on it

How To Upload Image In PHP?

How To Uploads Files In PHP?

How To Install Packages Parallel For Faster Development In Composer

What Is Composer? How Does It Work? Useful Composer Commands And Usage

composer.json v/s composer.lock

Composer Install v/s Composer Update

Route Model Binding In Laravel & Change Default Column id To Another Column

How To Run Raw Queries Securely In Laravel

Laravel 7.x Multiple Database Connections, Migrations, Relationships & Querying

How To Install Apache Web Server On Ubuntu 20.04 / Linux & Manage It

How To Create / Save / Download PDF From Blade Template In PHP Laravel

How To Add Free SSL Certificate In cPanel With ZeroSSL & Certbot

How To Securely SSH Your Server & Push Files With FileZilla

How To Push Files To CPanel / Remote Server using FTP Software FileZilla

How To Install Linux, Apache, MYSQL, PHP (LAMP Stack) on Ubuntu

How To Cache Static Files With NGINX Server

Redirect www to a non-www website or vice versa

How To Create Free SSL Certificate With Lets Encrypt/Certbot In Linux (Single / Multiple Domains)

How To Install Linux, NGINX, MYSQL, PHP (LEMP Stack) on Ubuntu

PHP Built-In Web Server & Testing Your Development Project In Mobile Without Any Software

How To Do Google reCAPTCHA Integration In PHP Laravel Forms

Happy Coding :)