Proper Way To Validate MIME Type Of Files While Handling File Uploads In PHP


FILE VALIDATION FILE UPLOAD PHP
12th May 2020 3 mins read


In this article, I will show you how to properly validate a file's MIME type, even if the uploader has changed the extension of the file.


I will cover the following in this article

  1. Basic HTML Form
  2. General Old Way Validation (Probably Wrong Way)
  3. The Right Way To Validate MIME Type ( finfo )
  4. Different MIME Extensions Link

Prerequisites


Basic knowledge of PHP. If you don't yet know how to upload files and handle them, I have written articles on it:


How To Uploads Files In PHP?

How To Upload Image In PHP?


1) Basic HTML Form


This is a very basic HTML form. Make sure the form has enctype="multipart/form-data"


<form action="store_product.php" method="post" enctype="multipart/form-data">
    <div>
        <input type="file" name="product_invoice" id="product_invoice">
    </div> <br>
    <div>
        <input type="submit" value="Create Product">
    </div>
</form>

2) General Old Way Validation (Probably Wrong Way)


When you select a file in the above form and submit it, the request goes to store_product.php, the PHP file that handles the file upload and its validation.


The following snippet demonstrates the file validation:


/** Store the file details in variable */
$product_invoice    = $_FILES['product_invoice'];

/** Uploaded file name */
$file_name          = $product_invoice['name'];
$file_tmp           = $product_invoice['tmp_name'];

/** Using pathinfo() to get the file extension of file */
$pathinfo           = pathinfo($file_name);
$extension          = $pathinfo['extension'];

/** Allowed extensions */
$file_extensions    = ['pdf', 'xls', 'jpeg', 'jpg', 'png', 'svg', 'webp'];

/** Check File extensions */
if(!in_array($extension, $file_extensions)){
    $errors[] = 'File allowed extensions '. implode(', ', $file_extensions);
}


The above is wrong because it validates only the file extension, which is taken from the file name the uploader supplies. Someone may upload a video and just change the extension to jpeg or pdf.

3) The Right Way To Validate MIME Type ( finfo )


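To properly validate the file's MIME type you need to use the finfo class, whose constructor is an alias of finfo_open(). It detects the type from the file's contents rather than from its name.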


Basically you use it the following way


/** Using finfo to just get the MIME type */
$finfo      = new finfo(FILEINFO_MIME_TYPE);

/** You will get the MIME type detected from the file contents, e.g. "image/jpeg" */
$extension  = $finfo->file($file_tmp);


The full example is as follows:


/** Store the file details in variable */
$product_invoice    = $_FILES['product_invoice'];

/** Uploaded file name */
$file_name          = $product_invoice['name'];
$file_tmp           = $product_invoice['tmp_name'];

/** Allowed MIME types */
$file_extensions    = ['image/jpeg', 'image/pjpeg', 'application/pdf'];

/** Using finfo to just get the MIME type */
$finfo      = new finfo(FILEINFO_MIME_TYPE);

/** You will get the MIME type detected from the file contents, e.g. "image/jpeg" */
$extension  = $finfo->file($file_tmp);

/** Check the detected MIME type against the allowed list */
if(!in_array($extension, $file_extensions)){
    $errors[] = 'File allowed extensions '. implode(', ', $file_extensions);
}
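
The difference between the two checks, as an added example that is not part of the original article: it runs both against constructed sample files from the command line, and goes a little further than the article by deriving the stored extension from the detected MIME type. The helper names, the ALLOWED_TYPES map and the sample contents are assumptions for illustration, and PHP's fileinfo extension must be enabled.

```php
<?php
/** Added example: allowed MIME type => extension the server assigns (assumed policy) */
const ALLOWED_TYPES = [
    'image/jpeg'      => 'jpg',
    'image/png'       => 'png',
    'application/pdf' => 'pdf',
];

/** Old way: trusts the extension in the client-supplied file name */
function allowed_by_extension(string $client_name): bool
{
    $extension = strtolower(pathinfo($client_name, PATHINFO_EXTENSION));
    return in_array($extension, ALLOWED_TYPES, true);
}

/** finfo way: returns the detected MIME type if it is allowed, otherwise null */
function allowed_by_content(string $path): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    return ($mime !== false && isset(ALLOWED_TYPES[$mime])) ? $mime : null;
}

/** Constructed samples: client file name => file contents */
$samples = [
    'invoice.pdf' => "%PDF-1.4\n1 0 obj\n<< >>\nendobj\ntrailer\n<< >>\n%%EOF\n",
    'notes.pdf'   => "Plain text renamed to .pdf by the uploader.\n",
    'photo.jpg'   => "%PDF-1.4\n1 0 obj\n<< >>\nendobj\ntrailer\n<< >>\n%%EOF\n",
];

foreach ($samples as $client_name => $contents) {
    /** Stand-in for $_FILES[...]['tmp_name'] */
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $contents);

    $mime = allowed_by_content($tmp);
    printf(
        "%-12s extension check: %-6s finfo check: %s\n",
        $client_name,
        allowed_by_extension($client_name) ? 'pass' : 'fail',
        $mime === null ? 'fail' : 'pass, store as .' . ALLOWED_TYPES[$mime]
    );
    unlink($tmp);
}
```

finfo identifies a file by its leading signature, so this check complements storing uploads under a server-generated name outside the web root; it does not replace it.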

4) Different MIME Extensions Link


I don't want to reinvent the wheel. So here is the link for the CODEIGNITER FRAMEWORK MIME TYPES


Conclusion


Hope you liked the article. If yes then please do share with your friends.



Happy Coding :)








AUTHOR

Channaveer Hakari

I am a full-stack developer working at WifiDabba India Pvt Ltd. I started this blog so that I can share my knowledge and enhance my skills with constant learning.

Never stop learning. If you stop learning, you stop growing