I have done functions to upload files to DB. User (uploader) can upload pdf png or jpeg files. All others are not allowed. But there is way to 'hack' it. User can have a file (for example PHP file) on own computer. He will rename the file to 'test.jpg' from 'test.php'. Then he will upload renamed file as jpg and when the program will check file, it will upload it because it will return, that it is jpg (image/jpeg). Is there a way to check if file is realy jpeg/png/...?
E: I don't want to upload only images. File to upload generaly can be in another format, so I can not use function imagesize().
There is a native PHP function mime_content_type that returns the MIME content type for a file as determined by using information from the magic.mime file.