I have a form that uploads a PDF but I don’t think that it’s performing a file type check. How can I do this so that ONLY a pdf is uploaded and not a php script?
Here’s my code:
[code=php]if(isset($_POST[‘upload’]) && $_FILES[‘userfile’][‘size’] > 0)
{
$fileName = $_FILES[‘userfile’][‘name’];
$tmpName = $_FILES[‘userfile’][‘tmp_name’];
$fileSize = $_FILES[‘userfile’][‘size’];
$fileType = $_FILES[‘userfile’][‘type’];
$fp = fopen($tmpName, ‘r’);
$content = fread($fp, filesize($tmpName));
$content = addslashes($content);
fclose($fp);
if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
}
include(‘mysql_connect.php’)
$query = “INSERT INTO pdf (name, size, type, content) “.
“VALUES (‘$fileName’, ‘$fileSize’, ‘$fileType’, ‘$content’)”;
mysql_query($query) or die(‘Error, query failed’);