What is this blog about?
For those who don't understand roumanian language, acces interzis means access denied and refers to all techniques of getting unauthorized acces to a PC, hosting server, database, website, email account and so on. Basically, it refers to how well you know to protect your stuff no matter if you are a professional developer or just a regular PC/Internet user.

How do I extract the extension of a file?

<?php
function extract_extension($file) {
	if (strrpos($file,'.')) {
		$extension = strtolower(substr($file,strrpos($file,'.'),100));
	} else {
		$extension = '';
	}
	return($extension);
}

//example
echo extract_extension("header.inc.php");
?>

The above PHP function extracts the extension of a file. It is useful when we create upload forms or when we read dynamic a folder of files. For instance, a folder of images used by an image gallery or a folder of fonts used by a CAPTCHA.

When we create an upload form for adding images we must not allow the user to upload on our hosting server whatever his mind wants. We must make sure that what the user uploads is truely an image and not something else. Let’s say a malicious executable or scam pages which obviously can harm our server, website, image. So, each time when we develop server-side code we must keep in mind that what the user enters is not trustable. Therefore, we must add all restrictions which are required.

Usually, an image gallery feeds dynamic with the images of a folder of the hosting server. This PHP script helps us to be sure that it grabs only the images of the folder.

Tweet This Post