In a new post today C. Sadeesh Kumar has a quick tip to help your script detect file types without having to rely on the extension to be correct.
In most web applications today, there is a need to allow users to upload images, audio and video files. Sometimes, we also need to restrict certain types of files from being uploaded – an executable file being an obvious example. Security aside, one might also want to prevent users from misusing the upload facility, e.g. uploading copyrighted music files illegally and using the service to promote piracy! In this article, we’ll look into a few ways in which we can achieve this.
The trick to his example is in using the Fileinfo PECL extension. With the help of this extension you can look inside the file and pick out the "magic bytes" (the first few bytes of a file) and see what MIME type the file really is. He includes a simple example of using the extension on a file and a file upload script that checks the type and handles the file accordingly.