MIME type of uploaded files in PHP

Today I came across something that rather puzzled me at first, seemed irresponsible and such, but was cleared later, upon reading the manual.  When uploading files in PHP, variable $_FILES stores a bunch of information about each file.  One of those stored bits is the MIME type of the file.  I was puzzled with how easy it was to trick PHP into setting a wrong MIME type.  However, documentation clearly says that:

The mime type of the file, if the browser provided this information. An example would be “image/gif”. This mime type is however not checked on the PHP side and therefore don’t take its value for granted.

Leave a Comment