我有一个输入,您可以在其中上传图像,唯一允许的图像类型是:
png, jpg, jpeg
在将图像插入数据库之前,它会检查图片是否为 png、jpg、jpeg。但现在出于安全原因,我需要在第一次检查之前或之后检查 MIME 类型。
我该怎么做呢?这是我的代码:
<?php
$iAmountOfFiles = count($_FILES['Filename']['name']);
while($iAmountOfFiles >= 1) {
$iAmountOfFiles--;
$aFileProperties = pathinfo($_FILES['Filename']['name'][$iAmountOfFiles]);
if(!in_array(strtolower($aFileProperties["extension"]), $aExtensionWhitelist)) {
echo "Bestands type niet toegestaan";
// exit;
continue;
}
$sTarget = ROOT.BACKEND."/pages/bezienswaardigheden-toevoegen/uploads/";
$sUniqueFileNameHash = hash('adler32', time().rand());
$Filename = basename($sUniqueFileNameHash."-".$_FILES['Filename']['name'][$iAmountOfFiles]);
$Filename = basename($aFileProperties["filename"]."-".$sUniqueFileNameHash.".".strtolower($aFileProperties["extension"]));
// Writes the Filename to the server
if(move_uploaded_file($_FILES['Filename']['tmp_name'][$iAmountOfFiles], $sTarget.$Filename)) {
// here needs to come the mime check