I have tested this for control and accept only jpg and pdf but it doesn't run
$nomedic = $_FILES["file"]["name"];
$extdic = pathinfo($nomedic, PATHINFO_EXTENSION);
if($extdic != "pdf" OR $extdic != "jpg" OR $extdic != "jpeg")
{
header('Location:fileko.php');
}
$finedic='DIC';
$nomedichiarazione=$id_ope.'-'.$id_dom.'-'.$prot_dom.'-'.$A016.'-'.$finedic.'.'.$extdic;
PHP will check each condition until it finds something that is true
. This means that even if your file is a PDF-file, the $extdic != "jpg"
condition will trigger and return true, thereby running the header-call.
You can create an array of all allowed extensions, and check if the current file's extension exists in that list. If it doesn't, redirect away! You should also call exit;
after a header("Location: ..");
call.
I've also added strtolower()
, in case the incoming file has an uppercase extension (eg myFile.JPG
).
if(!in_array(strtolower($extdic), ["pdf", "jpg", "jpeg"])) {
header('Location:fileko.php');
exit;
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.