I use var_dump(@$_FILES['file']['type'])to test file type I uploaded

我var_dump(@$_FILES['file']['type'])用来测试我上传的文件类型

First, I uploaded an exe filecalled "uninstall.exe", and it returned

首先，我上传了一个exe file名为“ uninstall.exe”，然后它返回

"string 'application/octet-stream' (length=24)"

Then, I renamed this file to uninstall.png, it returned

然后，我将此文件重命名为uninstall.png，它返回

string 'image/png' (length=9)

My conclusion is: $_FILES['file']['type'] only check file extension, not the original file type.

我的结论是：$_ FILES['file']['type'] 只检查文件扩展名，不检查原始文件类型。

The following code is from w3cschool:

以下代码来自w3cschool：

$allowedExts = array("gif", "jpeg", "jpg", "png");
$extension = end(explode(".", $_FILES["file"]["name"]));
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 20000)
&& in_array($extension, $allowedExts))

I think $_FILES["file"]["type"]in above codes is unnecessary, we can just check file extension using explode()and in_array

我认为$_FILES["file"]["type"]上面的代码是不必要的，我们可以使用explode()和检查文件扩展名in_array

I'm just a php beginner, can someone confirm my idea? Thanks!

我只是一个 php 初学者，有人可以证实我的想法吗？谢谢！