Question:
PHP ==> Upload Pictures ==> Validation ?!?!?
aryaxt
2009-07-07 09:08:51 UTC
*** PLEASE NO STUPID & USELESS ANSWERS ***
*** IF YOU DON'T KNOW THE ANSWER SIMPLY LEAVE THE PAGE ***

My iPhone app connects to a PHP file through an HTTP request, and the PHP page uploads an image to my server.
Is there any way I can validate the image somewhere to make sure that it's a real image?
For example, that it's not an exe file whose extension somebody has changed to jpg?
Three answers:
NN
2009-07-07 09:29:24 UTC
Regardless of where you do it, the easiest way is to validate the header of the file against the formats you wish to support. For example:

.jpg files start with the following sequence: "ÿØÿà" + NULL + DLE + "JFIF".
.gif files start with the string "GIF89a"
.png files start with "‰PNG"
.bmp files start with "BM"

Another option depends on the server-side framework you're using. Create an Image class using the framework, and point it to the file being uploaded.

One last thing to consider: with a simple console command, it's possible to embed .rar files into a .jpg file. In effect, a seemingly innocuous image of a puppy could contain a rar file with child pornography. Your logic may benefit from checking for that as well.

I've attached two articles. One contains information on how to hide a rar file in a jpeg. If you know how to do it, you can probably figure out how to block it. The second contains the common headers for image files.
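The header check and the appended-archive trick from the answer above, as an added example in PHP that is not part of the original post. It assumes PHP 7.4 or later with the GD extension (used to re-decode the upload and, at the bottom, to build the sample images), and the function names are its own. It goes a step further than the answer's list: JPEG and PNG are walked segment by segment to find where the format itself says the file ends, so a RAR glued on with `copy /b puppy.jpg + secret.rar out.jpg` is caught even though the image still decodes.

```php
<?php
// Added example, not code from the original answers.  Assumes PHP 7.4+ with
// the GD extension.  Function and constant names are this example's own.
declare(strict_types=1);

// Leading signatures from the answer (JPEG SOI, GIF, PNG, BMP).  The JFIF
// "APP0" bytes the answer quotes are FF D8 FF E0 00 10 'JFIF'; matching only
// FF D8 FF also accepts EXIF files (FF D8 FF E1).
const IMAGE_SIGNATURES = [
    'image/jpeg' => ["\xFF\xD8\xFF"],
    'image/gif'  => ['GIF87a', 'GIF89a'],
    'image/png'  => ["\x89PNG\r\n\x1A\n"],
    'image/bmp'  => ['BM'],
];

function sniffImageType(string $b): ?string
{
    foreach (IMAGE_SIGNATURES as $mime => $magics) {
        foreach ($magics as $magic) {
            if (strncmp($b, $magic, strlen($magic)) === 0) {
                return $mime;
            }
        }
    }
    return null;
}

// Offset just past the JPEG EOI marker.  Segments are walked so that an EXIF
// thumbnail's own EOI is not mistaken for the end of the file.  null = malformed.
function jpegEndOffset(string $b): ?int
{
    $n = strlen($b);
    $i = 2;                                                  // past SOI
    while ($i + 2 <= $n) {
        if ($b[$i] !== "\xFF") return null;
        $m = ord($b[$i + 1]);
        if ($m === 0xFF) { $i++; continue; }                 // fill byte
        if ($m === 0xD9) return $i + 2;                      // EOI
        if ($m >= 0xD0 && $m <= 0xD7) { $i += 2; continue; } // RSTn carries no length
        if ($i + 4 > $n) return null;
        $len = unpack('n', substr($b, $i + 2, 2))[1];        // length includes itself
        if ($len < 2) return null;
        $i += 2 + $len;
        if ($m === 0xDA) {                                   // SOS: skip entropy-coded data
            while ($i + 1 < $n) {
                if ($b[$i] === "\xFF") {
                    $next = ord($b[$i + 1]);
                    if ($next !== 0x00 && !($next >= 0xD0 && $next <= 0xD7)) break;
                }
                $i++;
            }
        }
    }
    return null;
}

// Offset just past the IEND chunk (each chunk: 4-byte length, 4-byte type, data, 4-byte CRC).
function pngEndOffset(string $b): ?int
{
    $n = strlen($b);
    $i = 8;                                                  // past signature
    while ($i + 12 <= $n) {
        $len  = unpack('N', substr($b, $i, 4))[1];
        $type = substr($b, $i + 4, 4);
        $i += 12 + $len;
        if ($type === 'IEND') return $i <= $n ? $i : null;
    }
    return null;
}

function validateImageBytes(string $b): array                // [accepted, reason]
{
    $mime = sniffImageType($b);
    if ($mime === null) return [false, 'no supported image signature'];

    // The "Image class" option from the answer: a full decode rejects files that
    // only carry the right first bytes.  It does NOT reject data appended after EOI.
    if (@imagecreatefromstring($b) === false) return [false, "$mime signature but does not decode"];

    switch ($mime) {
        case 'image/jpeg': $end = jpegEndOffset($b); break;
        case 'image/png':  $end = pngEndOffset($b);  break;
        case 'image/bmp':  $end = strlen($b) >= 6 ? unpack('V', substr($b, 2, 4))[1] : null; break; // declared size
        default:           $end = null;                      // GIF sub-block walk not implemented here
    }
    if ($end === null) return [false, "$mime structure could not be walked"];
    if ($end < strlen($b)) return [false, sprintf('%d bytes appended after %s end marker', strlen($b) - $end, $mime)];
    return [true, $mime];
}

// --- Constructed inputs (this example's own, not real uploads) ---
$im = imagecreatetruecolor(4, 4);
ob_start(); imagejpeg($im); $cleanJpeg = ob_get_clean();
ob_start(); imagepng($im);  $cleanPng  = ob_get_clean();
$polyglot   = $cleanJpeg . "Rar!\x1A\x07\x00" . str_repeat("\x00", 64); // image + RAR signature
$renamedExe = "MZ\x90\x00" . str_repeat("\x00", 60);                    // PE header named .jpg

foreach (['clean jpeg' => $cleanJpeg, 'clean png' => $cleanPng,
          'jpeg+rar' => $polyglot, 'exe as jpg' => $renamedExe] as $label => $bytes) {
    [$ok, $why] = validateImageBytes($bytes);
    printf("%-11s %s (%s)\n", $label, $ok ? 'ACCEPT' : 'REJECT', $why);
}
```

The two clean images pass all three steps; the JPEG with the RAR glued on still decodes, which is why the decode step alone is not enough, and is rejected only at the trailing-bytes step; the PE header fails at the signature. GIF is only signature-checked here: walking its LZW sub-blocks to the 0x3B trailer is left out, so GIF uploads are rejected at the structure step until that is added.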
anonymous
2009-07-07 15:19:35 UTC
Take a look at this and make it work for you.

//Check to see if MIME is authorized.
// $_FILES[...]['type'] is the Content-Type the client sent with the multipart
// part, not anything derived from the file, so treat it as a hint only.
$this->type = $_FILES['file_to_upload']['type'];

// Bind the value instead of interpolating it into the SQL string (the mysql_*
// functions were removed in PHP 7; $this->db is assumed to be an open mysqli
// connection).
$this->query = $this->db->prepare("SELECT * FROM mime_types WHERE type = ?");
$this->query->bind_param('s', $this->type);
$this->query->execute();
$this->query->store_result();
$this->num_rows = $this->query->num_rows;

--
-- Table structure for table `mime_types`
--

DROP TABLE IF EXISTS `mime_types`;
CREATE TABLE IF NOT EXISTS `mime_types` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `extension` varchar(5) NOT NULL,
  `type` varchar(100) NOT NULL,
  `aud_vid` int(11) NOT NULL,
  `access_type` int(1) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=41 ;

--
-- Dumping data for table `mime_types`
--

INSERT INTO `mime_types` (`id`, `extension`, `type`, `aud_vid`, `access_type`) VALUES
(1, '.au', 'audio/basic', 1, 1),
(2, '.avi', 'application/x-troff-msvideo', 1, 0),
(3, '.bm', 'image/bmp', 0, 1),
(4, '.bmp', 'image/bmp', 0, 1),
(5, '.doc', 'application/msword', 0, 0),
(6, '.flp', 'application/FruityLoops Project', 1, 1),
(7, '.gif', 'image/gif', 0, 1),
(8, '.gz', 'application/x-gzip', 0, 0),
(9, '.gzip', 'application/x-gzip', 0, 0),
(10, '.jpe', 'image/jpeg', 0, 1),
(11, '.jpeg', 'image/jpeg', 0, 1),
(12, '.jpg', 'image/jpeg', 0, 1),
(13, '.kar', 'audio/midi', 1, 1),
(14, '.mid', 'audio/midi', 1, 1),
(15, '.mov', 'video/quicktime', 1, 0),
(16, '.mp2', 'audio/mpeg', 1, 1),
(17, '.mp3', 'audio/mpeg3', 1, 1),
(18, '.mpa', 'audio/mpeg', 1, 1),
(19, '.mpe', 'video/mpeg', 1, 1),
(20, '.mpeg', 'video/mpeg', 1, 0),
(21, '.mpg', 'video/mpeg', 1, 0),
(22, '.pdf', 'application/pdf', 0, 0),
(23, '.png', 'image/png', 0, 1),
(24, '.ppt', 'application/mspowerpoint', 0, 0),
(25, '.qt', 'video/quicktime', 1, 0),
(26, '.ra', 'audio/x-pn-realaudio', 1, 1),
(27, '.ram', 'audio/x-pn-realaudio', 1, 1),
(28, '.rmi', 'audio/mid', 1, 1),
(29, '.rtx', 'application/rtf', 0, 0),
(30, '.swf', 'application/x-shockwave-flash', 0, 0),
(31, '.tif', 'image/tiff', 0, 1),
(32, '.tiff', 'image/tiff', 0, 1),
(33, '.txt', 'text/plain', 0, 0),
(34, '.wav', 'audio/wav', 1, 1),
(35, '.wma', 'audio/x-ms-wma', 1, 1),
(36, '.wmv', 'video/x-ms-wmv', 1, 0),
(37, '.xls', 'application/excel', 0, 0),
(38, '.zip', 'application/zip', 0, 0),
(39, '.mp3', 'audio/x-mpeg', 1, 1),
(40, '.ppt', 'application/vnd.ms-powerpoint', 0, 0);
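The allowlist idea from the answer above, as an added example that is not code from the original post, with the two changes a practitioner would make before using it: the type is derived from the bytes with the fileinfo extension rather than taken from the client-supplied Content-Type in `$_FILES[...]['type']`, and the lookup is a prepared statement rather than a string with the value pasted in. It runs against an in-memory SQLite table standing in for the `mime_types` table (pdo_sqlite and fileinfo assumed, PHP 7.4 or later); the rows are a subset of the dump above and the sample files are constructed here. The posted query is kept alongside only to show what it accepts.

```php
<?php
// Added example, not code from the original answer.  Assumes PHP 7.4+ with
// pdo_sqlite (stand-in for the MySQL mime_types table) and fileinfo.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE mime_types (extension TEXT NOT NULL, type TEXT NOT NULL, access_type INTEGER NOT NULL)');
$ins = $pdo->prepare('INSERT INTO mime_types (extension, type, access_type) VALUES (?, ?, ?)');
// A few rows taken from the answer's dump (access_type 1 = may be uploaded).
foreach ([['.bmp', 'image/bmp', 1], ['.gif', 'image/gif', 1], ['.jpeg', 'image/jpeg', 1],
          ['.jpg', 'image/jpeg', 1], ['.png', 'image/png', 1], ['.zip', 'application/zip', 0]] as $row) {
    $ins->execute($row);
}

// The answer's query as posted: the value is $_FILES[...]['type'], i.e. the
// Content-Type header the client put on the multipart part, interpolated
// straight into SQL.  Kept only to show what it accepts.
function rowsForClientType(PDO $pdo, string $clientType): int
{
    return (int) $pdo->query("SELECT COUNT(*) FROM mime_types WHERE type='$clientType'")->fetchColumn();
}

// Hardened lookup: libmagic classifies the bytes, the extension comes from the
// file name, and the (extension, type) pair must match an allowed row.  Both
// values are bound parameters, so they cannot change the query.
function isAllowedUpload(PDO $pdo, string $clientName, string $bytes): bool
{
    $detected = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    $ext = strtolower(strrchr($clientName, '.') ?: '');     // '' when there is no dot
    $stmt = $pdo->prepare(
        'SELECT COUNT(*) FROM mime_types WHERE extension = ? AND type = ? AND access_type = 1'
    );
    $stmt->execute([$ext, $detected]);
    return (int) $stmt->fetchColumn() > 0;
}

// Constructed inputs (not real uploads): a PNG signature plus a 1x1 IHDR chunk,
// and a DOS/PE "MZ" header that a client might name puppy.jpg.
$pngBytes = "\x89PNG\r\n\x1A\n\x00\x00\x00\x0DIHDR\x00\x00\x00\x01\x00\x00\x00\x01\x08\x02\x00\x00\x00\x90\x77\x53\xDE";
$exeBytes = "MZ\x90\x00" . str_repeat("\x00", 60);

// 1. The client labels an .exe as image/jpeg: the posted check is satisfied.
printf("client-declared image/jpeg: %d matching rows\n", rowsForClientType($pdo, 'image/jpeg'));
// 2. The client sends a crafted Content-Type: the WHERE clause becomes always-true.
printf("injected Content-Type:      %d matching rows\n", rowsForClientType($pdo, "' OR '1'='1"));
// 3. Content-based check: name and bytes must agree with an allowed row.
foreach ([['puppy.png', $pngBytes], ['puppy.jpg', $pngBytes], ['puppy.jpg', $exeBytes]] as [$name, $bytes]) {
    printf("%-10s %-24s %s\n", $name, (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes),
        isAllowedUpload($pdo, $name, $bytes) ? 'ACCEPT' : 'REJECT');
}
```

The injected Content-Type matches every row in the table, so the posted check would let anything through as long as the client controls that header, which it always does. With the bound lookup, `puppy.png` is accepted, the same bytes named `puppy.jpg` are rejected because the extension and detected type no longer form an allowed pair, and the MZ header is rejected whatever it is named.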


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.