2

Thus anyone has any idea why this code is not working for me 

$type1 = $_FILES['textfield2']['type'];
$type2 = $_FILES['textfield3']['type']; 

if($type1 == 'image/gif' || $type1 == 'image/png' && $type2 == 'image/gif' || $type2  == 'image/png')
{
    echo 'Valid';
    echo $type1.'<br />'.$type2;
}
else
{
    echo 'Invalid';
}

If i select 1st file as a zip or any other format and then next as png it is going to valid that what i should not

Improve this question
1
  • 1
    Careful, in IE some of the 'filetypes' are completely different from that of FF. I couldn't figure out why my PNG files werent being displayed correctly, it seems they were uploaded as image/x-png type. Commented Aug 31, 2011 at 16:56

3 Answers 3

Reset to default
2

PHP's operator precedence makes && bind tighter than ||, so your test is coming out as:

if($type1 == 'image/gif' || ($type1 == 'image/png' && $type2 == 'image/gif') || $type2  == 'image/png')
                            ^----------------------------------------------^

Beyond that, do not use the user-provided ['type'] data for this. It's utterly trivial to forge, and someone can set to 'image/gif' while uploading nastyvirus.exe.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

so is there any work around coz i have to validate three fields of images i can't even go through with 2 and i have 6 types of file formats to validate
use getimagesize(). It'll analyze the file itself and tell you what it is.
hi not hare image size validation , image upload validation as image uploading confirm.
1

Try:

if(($type1 == 'image/gif' || $type1 == 'image/png') && 
   ($type2 == 'image/gif' || $type2  == 'image/png'))
        {
            echo 'Valid';

            echo $type1.'<br />'.$type2;
        }
        else
        {
            echo 'Invalid';
        }

This is due to operator precedence, which is documented here: http://php.net/manual/en/language.operators.precedence.php

Improve this answer

1 Comment

Yup Niki That worked , fool of me just a simple thing and i am scratching my head from last 30min's Special thanks to you coz u replied 1st and it was ryt
1

This is due to operator precedence. && has higher precedence than || so your expression results in: 

    $type1 == 'image/gif'
|| ($type1 == 'image/png' && $type2 == 'image/gif')
||  $type2 == 'image/png'

Use parentheses to make your intention clear:

   ($type1 == 'image/gif' || $type1 == 'image/png')
&& ($type2 == 'image/gif' || $type2 == 'image/png')

Additionally please note that the mime type is a client supplied data and thus is very easy to manipulate. Instead you should check for a valid GIF/PNG file header (using the GD library for example.)

Improve this answer

1 Comment

Yup Niki That worked , fool of me just a simple thing and i am scratching my head from last 30min's

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.