PHP to determine the type of file upload and filter unsafe data methods,
In this paper, the method of PHP judging file upload type and filtering unsafe data is described. Share to everyone for your reference. Specific as follows:
Do not upload files other than picture files, prompt, do not get the file name extension to determine the type, this is the most insecure, we use $_files[' form ' [' type '].
This can read the file content to identify the file type, but it can be recognized limited, but if you use the picture is enough to understand. function, filter unsafe characters, instance function code is as follows:
Copy the Code code as follows: function s_addslashes ($string, $force = 0) {
if (!GET_MAGIC_QUOTES_GPC ()) {
if (Is_array ($string)) {
foreach ($string as $key = = $val) {
$string [$key] = S_addslashes ($val, $force);
}
} else {
$string =str_replace ("& #x", "& # X", $string); //
Filter some unsafe characters
$string = Addslashes ($string);
}
}
return $string;
}
Usage examples:
$_cookie = C_addslashes ($_cookie);
$_post = C_addslashes ($_post);
$_get = C_addslashes ($_get);
Include in the public file
if ($_files) {
foreach ($_files as $key = $_value)
{
$_files[$key] [' type '] =$_value[' type ';
}
if (substr ($_files[$key [' type '],0,6)! = ' image/')
{
Exit
}
}
I hope this article is helpful to everyone's PHP programming.
http://www.bkjia.com/PHPjc/929089.html www.bkjia.com true http://www.bkjia.com/PHPjc/929089.html techarticle PHP to determine the type of file upload and filter unsafe data methods, this article describes the php file upload type and the method of filtering unsafe data. Share to everyone for your reference. ...