File upload not working in IE, but works in FF, Chrome, and Safari...

Question

I'm stumped. I've created an upload image process that works in every browser except Internet Explorer. I didn't check IE7 but IE8 seems to not check the file extension. I keep getting the error "you must upload a jpg, gif, bmp."

  /* image uploading */
  $target_path = "img/";
  $image = $_FILES['crebusimage'];
  $image['name'] = mysql_real_escape_string($image['name']);
  $target_path .= $crebustime."_".$image['name'];
  $valid_types = array("image/jpg", "image/jpeg", "image/bmp", "image/gif", "image/jpe", "image/jfif", "image/png");

  $field = 'crebusimage';
  if(strlen($image['name']) == 0){
   $form->setError($field, "*please choose an image");
  }elseif(!in_array($image['type'], $valid_types)){
   $form->setError($field, "*You must upload a jpg, gif, or bmp");
  }else{
   $busimg = $crebustime."_".$image['name'];
   move_uploaded_file($image['tmp_name'], $target_path);
  }

 <td><b>Business Logo<br />(100Kb or less 100x100px)</b></td>
 <td><input type="file" name="crebusimage" value="1"></td>
 <td><input type="hidden" name="MAX_FILE_SIZE" value="100000" /></td>
 <td><?php echo $form->error('crebusimage'); ?></tD>

How can I make this thing work in evil IE...

Answer 1

You should be checking the file extensions, not the headers sent along with the image. Maybe IE doesn't send these as they can be faked.

Answer 2

See what you're getting in your $_FILES array by executing this:

echo '<pre>';
print_r($_FILES);
echo '</pre>';

and use getimagesize to determine the image type, as mime types can be spoofed as @Juddling has correctly pointed out.

Answer 3

If you're uploading jpegs, they generally get sent with the mimetype image/pjpeg in IE.

Specifically, I've encountered this problem with csv files. Windows machines will give you varying mimetypes depending on what you have installed to open csv files. /endgripe ;)