0

This is all I have.

<?php if ((($_FILES["file"]["type"] == "file/exe") && ($_FILES["file"]["size"] < 20000000)) {

I need to only upload .exe file types, how can I do this? reg ex?(PHP)

Improve this question

4 Answers 4

Reset to default
1

I think that you should use something like finfo_file. As far as I know, $_FILES["file"]["type"] can be spoofed by the uploader to anything he wants it to be.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

There is no reliable way to do that as all information that is sent by the client can be tampered with.

I would simply check the file name extension like:

if (strncasecmp(substr($_FILES["file"]["name"], -4), '.exe') === 0) { // is .exe }

Additionally, you could look for specific magic numbers.

Just make sure that if you want to deliver that file you’re using a proper MIME media type (e.g. application/octet-stream).

Improve this answer

Comments

0

In addition, you can also check MIME type for each file .exe executable files has always application type of mime

pplication/octet-stream, application/x-msdownload, application/exe, application/x-exe, application/dos-exe, vms/exe, application/x-winexe, application/msdos-windows, application/x-msdos-program

Improve this answer

Comments

-1 
$_FILES["uploaded_files"]["type"][$i] != "application/octet-stream"
Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.