When uploading files or pictures in PHP, we will encounter the need to limit the type of uploaded files. If we only limit the suffix name, it is easy to bypass it. Below I have found some suffix names corresponding to the mine comparison table. I hope Helpful to everyone.
When using a PHP script to upload files, you need to process the file format into a file type recognized by PHP, for example (the file format of .jpg is image/jpeg). The judgment of this format is first done by the browser. The browser determines that it is a certain type of file through the submission of the form, and then submits it to PHP for processing.
Sometimes different browsers have different definitions of file types, so sometimes you need to make judgments about different browsers. In fact, different browser types can be added to the judgment.
The following provides a file type comparison table between IE and Firefox:
| ie |
Firefox |
| id |
Suffix |
File type recognized by php |
| 0 |
gif |
image/gif |
| 1 |
jpg |
image/jpeg |
| 2 |
png |
image/png |
| 3 |
bmp |
image/bmp |
| 4 |
psd |
application/octet-stream |
| 5 |
ico |
image/x-icon |
| 6 |
rar |
application/octet-stream |
| 7 |
zip |
application/zip |
| 8 |
7z |
application/octet-stream |
| 9 |
exe |
application/octet-stream |
| 10 |
avi |
video/avi |
| 11 |
rmvb |
application/vnd.rn-realmedia-vbr |
| 12 |
3gp |
application/octet-stream |
| 13 |
flv |
application/octet-stream |
| 14 |
mp3 |
audio/mpeg |
| 15 |
wav |
audio/wav |
| 16 |
krc |
application/octet-stream |
| 17 |
lrc |
application/octet-stream |
| 18 |
txt |
text/plain |
| 19 |
doc |
application/msword |
| 20 |
xls |
application/vnd.ms-excel |
| 21 |
ppt |
application/vnd.ms-powerpoint |
| 22 |
pdf |
application/pdf |
| 23 |
chm |
application/octet-stream |
| 24 |
mdb |
application/msaccess |
| 25 |
sql |
application/octet-stream |
| 26 |
con |
application/octet-stream |
| 27 |
log |
text/plain |
| 28 |
dat |
application/octet-stream |
| 29 |
ini |
application/octet-stream |
| 30 |
php |
application/octet-stream |
| 31 |
html |
text/html |
| 32 |
htm |
text/html |
| 33 |
ttf |
application/octet-stream |
| 34 |
fon |
application/octet-stream |
| 35 |
js |
application/x-javascript |
| 36 |
xml |
text/xml |
| 37 |
dll |
application/octet-stream |
| 38 |
dll |
application/octet-stream |
|
| id |
Suffix |
File type recognized by php |
| 0 |
gif |
image/gif |
| 1 |
jpg |
image/pjpeg |
| 2 |
png |
image/x-png |
| 3 |
bmp |
image/bmp |
| 4 |
psd |
application/octet-stream |
| 5 |
ico |
image/x-icon |
| 6 |
rar |
application/octet-stream |
| 7 |
zip |
application/x-zip-compressed |
| 8 |
7z |
application/octet-stream |
| 9 |
exe |
application/octet-stream |
| 10 |
avi |
video/avi |
| 11 |
rmvb |
application/vnd.rn-realmedia-vbr |
| 12 |
3gp |
application/octet-stream |
| 13 |
flv |
application/octet-stream |
| 14 |
mp3 |
audio/mpeg |
| 15 |
wav |
audio/wav |
| 16 |
krc |
application/octet-stream |
| 17 |
lrc |
application/octet-stream |
| 18 |
txt |
text/plain |
| 19 |
doc |
application/msword |
| 20 |
xls |
application/vnd.ms-excel |
| 21 |
ppt |
application/vnd.ms-powerpoint |
| 22 |
pdf |
application/pdf |
| 23 |
chm |
application/octet-stream |
| 24 |
mdb |
application/msaccess |
| 25 |
sql |
text/plain |
| 26 |
con |
application/octet-stream |
| 27 |
log |
text/plain |
| 28 |
dat |
text/plain |
| 29 |
ini |
application/octet-stream |
| 30 |
php |
application/octet-stream |
| 31 |
html |
text/html |
| 32 |
htm |
text/html |
| 33 |
ttf |
application/octet-stream |
| 34 |
fon |
application/octet-stream |
| 35 |
js |
text/html |
| 36 |
xml |
text/xml |
| 37 |
dll |
application/octet-stream |
| 38 |
class |
application/java |
|
下面看一个实例
| 代码如下 |
复制代码 |
|
$temppath=$upfile['tmp_name'];
$fileinfo=pathinfo($upfile['name']);
$extension=$upfile['type'];
//echo $extension;
//exit;
switch( $extension )
{
case 'application/msword':
$extension ='doc';
break;
case 'application/vnd.ms-excel':
$extension ='xls';
break;
case 'application/vnd.openxmlformats-officedocument.wordprocessingml.document':
$extension ='docx';
break;
case 'application/vnd.ms-powerpoint':
$extension ='ppt';
break;
case 'application/pdf':
$extension ='pdf';
break;
case 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet':
$extension ='xlsx';
break;
default:
die('只允许上传doc,docx,xls,pdf,ppt文件 重新上传');
}
|
代码如下
|
复制代码
|
|
$temppath=$upfile['tmp_name'];
$fileinfo=pathinfo($upfile['name']);
$extension=$upfile['type'];
//echo $extension;
//exit;
switch( $extension )
{
case 'application/msword':
$extension ='doc';
break;
case 'application/vnd.ms-excel':
$extension ='xls';
break;
case 'application/vnd.openxmlformats-officedocument.wordprocessingml.document':
$extension ='docx';
break;
case 'application/vnd.ms-powerpoint':
$extension ='ppt';
break;
case 'application/pdf':
$extension ='pdf';
break;
case 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet':
$extension ='xlsx';
break;
default:
die('只允许上传doc,docx,xls,pdf,ppt文件
重新上传');
}
上面实例就限制了只能上传doc,docx,xls,pdf,ppt了,这样如果有人想利用后缀名上传其它如php或asp文件就存在会提示上传文件不合法。
http://www.bkjia.com/PHPjc/632741.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/632741.htmlTechArticleWhen uploading files or pictures in php, we will encounter the need to limit the type of uploaded files. If we only limit the suffix It's easy to get around the name. Below I found some suffix names corresponding to mine...
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
