In my experience, when handling file uploads in PHP, the following ways are often used to determine the type of a file:
- By file name suffix: unsafe, very easy to spoof
- By MIME type: some types of files can be spoofed by modifying the file suffix or by spoofing the server
- By the header bytes: the scope of this check is limited; for example DOCX/XLSX and other newer document formats are, according to the header information, actually a zip package.
Is there any other way to get the file type more reasonably and safely?
Reply content:
I think what the asker needs is how to ensure the security of file uploads.
First, you should set certain hard rules about file types and sizes. In addition, I personally believe that checking the MIME type is already relatively safe; if the asker still does not trust it, you can read the file header to determine the real type.
For the method, you can refer to this example:
PHP: reading the first two bytes of the file header to determine the true type of a file, with an application example
Having read the question, I think the three methods the asker listed increase in security in turn; if all three levels are checked, I think security should be guaranteed.
First check the header; if it is an image, run it through GD; if it is a document, use OpenOffice.
Even a fake will get turned into a real one.
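
The checks discussed in the answers above, combined into one routine, as an added example that is not part of the original thread: content-based MIME detection, a look inside the zip container for DOCX/XLSX, and re-encoding images with GD. The helper names `classifyUpload()` and `reencodeImage()`, the allowed types and the sample files are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Needs the fileinfo, zip and gd extensions
// (ZipArchive::RDONLY requires PHP 7.4.3+). Helper names are hypothetical.
function classifyUpload(string $path): ?string
{
    // Content-based MIME from libmagic; the client's file name and Content-Type are ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if (in_array($mime, ['image/png', 'image/jpeg', 'image/gif'], true)) {
        // Header says image: accept only if GD can really decode it.
        return @imagecreatefromstring(file_get_contents($path)) !== false ? $mime : null;
    }
    // DOCX/XLSX look like a zip from the header, so inspect the container's entries.
    $zip = new ZipArchive();
    if ($zip->open($path, ZipArchive::RDONLY) !== true) {
        return null; // not an image and not a readable zip
    }
    $kind = null;
    if ($zip->locateName('[Content_Types].xml') !== false) {
        if ($zip->locateName('word/document.xml') !== false) {
            $kind = 'docx';
        } elseif ($zip->locateName('xl/workbook.xml') !== false) {
            $kind = 'xlsx';
        }
    }
    $zip->close();
    return $kind; // null: a zip, but not one of the allowed document types
}

function reencodeImage(string $src, string $dst): bool
{
    // Store a fresh PNG built from the decoded pixels, never the uploaded bytes.
    $img = @imagecreatefromstring(file_get_contents($src));
    return $img !== false && imagepng($img, $dst);
}

// Constructed sample inputs: a PNG with bytes appended, and a minimal DOCX-shaped zip.
$dir = sys_get_temp_dir();
imagepng(imagecreatetruecolor(2, 2), "$dir/demo.png");
file_put_contents("$dir/demo.png", 'constructed trailing bytes', FILE_APPEND);
$z = new ZipArchive();
$z->open("$dir/demo.docx", ZipArchive::CREATE | ZipArchive::OVERWRITE);
$z->addFromString('[Content_Types].xml', '<Types/>');
$z->addFromString('word/document.xml', '<document/>');
$z->close();

var_dump(classifyUpload("$dir/demo.png"), classifyUpload("$dir/demo.docx"));
var_dump(reencodeImage("$dir/demo.png", "$dir/clean.png"));
```

The zip check confirms only the container layout; it does not vouch for what the document parts contain.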