0
votes

I have an upload form which allows most file types to be uploaded. Here they are:

  • Image: jpg/jpeg/png/gif ...
  • Video: mp4/avi/wmv ...
  • Other files: doc/pdf/rar/zip/mp3/...

For image files, I know I can use the PHP function getimagesize() or something else to make sure it's a real image. But what about other files, such as videos and documents? Is it a real file, without a faked extension?

How to do that?

Thank you! I need your help.


3 Answers

0
votes

Every file has its own type, called a MIME type, so you can check the MIME type. Do something like this:

// Detect the MIME type from the contents of the uploaded temp file
if (mime_content_type($_FILES['file']['tmp_name']) == "image/png")
{
    // do upload
} else {
    die('file type not supported');
}

You can put all the MIME types into an array, then check the type with the in_array function. You can find all the MIME types here: http://www.freeformatter.com/mime-types-list.html

0
votes

Any client-side check (even the browser MIME-type detection) is doomed to fail because the user has access to it. You'd better let the upload begin and complete, then perform a serious server-side check. You simply discard the file if it is not what you expected it to be.

On top of the server-side check, you can of course implement the client-side check just for a neater user experience.

-1
votes

The only way to fully secure a file upload is to attempt parsing the uploaded file with PHP or some other extension/tool that expects a specific valid file type. In other words:

  • Images: use GD functions to parse the file, they'll return false if it isn't a valid image.
  • Videos: could probably validate using ffmpeg on the command line and check the output or use the ID3 extension as suggested here: https://stackoverflow.com/a/134893 (credit to Zathrus Writer's comment on the question linking to this question)
  • Documents: Attempt loading the file with PHPExcel/Word/PowerPoint, although I'm not sure that these would support just any format of those documents, as it works on OpenXML.

From looking at the getID3 extension this might be the best bet as it seems to parse a wide variety of content types.

In any case, what you essentially need is for PHP or some other 3rd party library/extension to determine that the binary data of a file corresponds with its MIME content type.

Hope this helps :)
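
The server-side, content-based check the answers above describe, as an added example that is not code from any of the posters: it detects the MIME type from the file's bytes with PHP's fileinfo extension, requires the client-supplied extension to agree, and gives accepted files a generated name. The allowlist, the `classify_upload` function name and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example. Allowlist: content-detected MIME type => extension we store under.
// The entries are an assumption; list only the types your form accepts.
const ALLOWED_TYPES = [
    'image/jpeg'      => 'jpg',
    'image/png'       => 'png',
    'image/gif'       => 'gif',
    'video/mp4'       => 'mp4',
    'application/pdf' => 'pdf',
    'application/zip' => 'zip',
];

// Returns the extension to store the file under, or null to reject the upload.
// $path: server-side temp file. $clientName: untrusted name sent by the browser.
function classify_upload(string $path, string $clientName): ?string
{
    // Detect the type from the file's bytes, not from $_FILES[...]['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($mime === false || !array_key_exists($mime, ALLOWED_TYPES)) {
        return null;
    }
    // The claimed extension must agree with the detected content.
    $expected = ALLOWED_TYPES[$mime];
    $claimed = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if ($claimed !== $expected && !($expected === 'jpg' && $claimed === 'jpeg')) {
        return null;
    }
    // For images, also require that getimagesize() can read the image header.
    if (strncmp($mime, 'image/', 6) === 0 && getimagesize($path) === false) {
        return null;
    }
    return $expected;
}

// Constructed sample inputs: [client file name, file contents].
$png = "\x89PNG\r\n\x1a\n" . pack('N', 13) . 'IHDR' . pack('NNC5', 1, 1, 8, 6, 0, 0, 0);
$samples = [
    ['photo.png',   $png],                             // PNG signature + IHDR only
    ['report.pdf',  "%PDF-1.4\n%%EOF\n"],              // minimal PDF marker
    ['holiday.jpg', "<?php echo 'not an image'; ?>"],  // script with a faked extension
];
foreach ($samples as [$name, $bytes]) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    $ext = classify_upload($tmp, $name);
    // Accepted files get a server-generated name; the client name is discarded.
    echo $name, ' => ', $ext === null ? 'rejected' : bin2hex(random_bytes(8)) . ".$ext", "\n";
    unlink($tmp);
}
```

In an upload handler, pass `$_FILES['file']['tmp_name']` and `$_FILES['file']['name']` to the function, and move accepted files with `move_uploaded_file()` into a directory the web server does not execute scripts from.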