php tutorial to determine file upload type and filter unsafe data
This function filters unsafe characters
function s_addslashes($string, $force = 0) {
if(! get_magic_quotes_gpc()) {
if(is_array($string)) {
foreach($string as $key => $val) {
$string[$key] = s_addslashes($val, $ force);
}
} else {
$string=str_replace("","& # x",$string); //
Filter some unsafe characters
$string = addslashes($string);
}
}
return $string;
}
Example:
$_COOKIE = c_addslashes($_COOKIE) ;
$_POST = c_addslashes($_POST);
$_GET = c_addslashes($_GET);
Add
if($_FILES){
foreach( $_FILES as $key => $_value )
{
$_FILES[$key]['type'] =$_value['type'];
}
if( substr($_FILES[$key]['type'],0,6) !='image/')
{
exit;
}
}
Upload prohibited For files other than image files,
Tip:
Do not get the file extension to determine the type. This is the most unsafe. We use $_FIlES['form']
['type' ]
This can read the file content to identify the file type, but its recognition is limited, but if you use pictures, it is enough
to understand it.
www.111cn.cn This site is original, please note