0

I am trying to upload files and check if the uploading files are really pdf files, so I resort to the fileinfo functions in php.

The problem is that the code is not validating anything. It will allow all sorts of files to be uploaded including viruses. Currently, I am checking the file extension name but it's not secured and that's why am resorting to fileinfo. Can someone tell me what is wrong with the code? I am running php version 5.3.5

if (function_exists('finfo_open')) {
    $mime = finfo_open(FILEINFO_MIME_TYPE);
    $mime_type = finfo_file($mime, $_FILES['myfile']['tmp_name']);
    if ($mime_type == "application/pdf") {
        echo "file is pdf";
    } else {
        echo "file is not pdf";
        finfo_close($mime);
        exit();
    }
}
Improve this question
8
  • Echo the $mime_type value to see what do you get. Commented Sep 7, 2018 at 21:23
  • If echo $mime_type it will not display or echo anything. Commented Sep 7, 2018 at 21:33
  • Do you get an error message at any point? Commented Sep 7, 2018 at 21:37
  • no error message at all Commented Sep 7, 2018 at 21:39
  • 2
    If no message is being displayed when this code is executed, then it would appear that if (function_exists('finfo_open')) is returning false. What happens if you remove that? Commented Sep 7, 2018 at 21:58

1 Answer 1

Reset to default
1

The issue has to do with enabling fileinfo.dll in php.ini files.

I went to php.ini and uncomment/remove the semicolon before ;extension=php_fileinfo.dll

so that it will look like below extension=php_fileinfo.dll

I then save and restart apche and behold, its working now. Thanks

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.