Case insensitive string match

Hi,

I have a form with image upload and I check the allowed file extensions using the following array:

$allowedExtensions = array('jpg', 'jpeg', 'gif', 'png');

Is there a way to express the values in the above array in a case insensitive way so that “JPG”, “Jpg” and “jpg” or “PNG”, “Png” and “png” will all be accepted? I know I can add 6 more elements to the array to accomplish this but maybe there is a solution with preg_match() or other function that I can’t think of.

Thanks for your ideas.

Apply strtolower to the extension of the uploaded file and compare that to your array using in_array.

Hi there nayen,

What I would do is to get the extension of the uploaded file, then downcase it and see if it’s in the array.
A bit like this:

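$fileName = "myfile.JPG";
$allowedExtensions = array('jpg', 'jpeg', 'gif', 'png');

// Take the part after the last dot and lowercase it before the lookup
$arr = explode(".", $fileName);
$extensionType = strtolower(end($arr));
// Prints 1 when the extension is in the list, nothing otherwise
echo in_array($extensionType, $allowedExtensions);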

Hope that helps.

Edit: Rémon was quicker :slight_smile:

That’s clever, couldn’t think of it. Thank you both.

Not sure if you thought about this, or if there are reasons not to do this, but I usually do not validate against extension. Instead I validate against MIME type and that is provided in the Superglobals $_FILES via the [‘type’] index.

Example from php.net

/***
    now verify the mime, i did not find
    something more easy than verify the
    'image/' type. if wrong tell it!
***/

    if(!preg_match('/image\//i', $_FILES['attachment']['type'])) {

      echo 'The uploaded file is not an image please upload a valid file!';

    }

Why do I prefer MIME type? Because I’m a 98% Linux user and 90% of my files do not have extensions or have extensions that may not be typical :stuck_out_tongue:

The example script I found on the web uses both extension validation and MIME type validation. I don’t have that much knowledge to question why. If you are saying that checking MIME types will be enough, then I will use your code.

While I agree that checking mime type is better than checking file extension, I wouldn’t use $_FILES to get it since that is user provided information and may well be false (see comment 1 at php.net/manual/en/features.file-upload.php).
I would use file_info instead.

MIME Type is the type of file you received. An extension can be anything. For example, I’ve seen kiddie hacker scripts that use image uploaders to get their scripts on a remote server because the only validation used is extension. So they upload my-malicious-file.php.jpg, which passes some validation (not all), and they then look for a way to rename it and run it, or just a way to run it.

The MIME Type for that particular example would not contain ‘image/’, so it would fail the validation. It’s really just my personal choice to use MIME Type over extension, but I think it is a logical decision (or at least a good topic for a bit of discussion :))

:smiley: To be fair, I was lazy and took that straight from php manual (wanted to verify it was part of $_FILES), but yes, file_info is much much safer or you can use getimagesize if you want to read other items too, such as the width/height of the image.
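
The two checks suggested in this thread combined, as an added example that is not part of any post: the extension is lowercased and looked up in the allow-list, and the MIME type is detected from the file contents with PHP's fileinfo extension rather than read from `$_FILES[...]['type']`. The function name `isAllowedImage` and the sample uploads are constructed for illustration; it assumes the fileinfo extension is enabled.

```php
<?php
// Added example: names below are hypothetical, sample data is constructed.

// Allowed extensions (lowercase) mapped to the MIME type each must contain.
const ALLOWED = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'gif'  => 'image/gif',
    'png'  => 'image/png',
];

function isAllowedImage(string $clientName, string $tmpPath): bool
{
    // Case-insensitive extension check: lowercase, then allow-list lookup.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return false;
    }

    // Detect the type from the bytes on disk; the client-supplied
    // $_FILES[...]['type'] value is never consulted.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $detected = $finfo->file($tmpPath);

    // The content must match what the extension claims.
    return $detected === ALLOWED[$ext];
}

// Constructed sample uploads: [client file name, file contents].
$samples = [
    ['photo.GIF', "GIF89a\x01\x00\x01\x00\x00\x00\x00;"],    // real GIF header
    ['my-malicious-file.php.jpg', '<?php echo "hello"; ?>'], // script named .jpg
    ['notes.txt', 'plain text'],                             // extension not allowed
];

foreach ($samples as [$name, $bytes]) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $verdict = isAllowedImage($name, $tmp) ? 'accepted' : 'rejected';
    printf("%-28s %s\n", $name, $verdict);
    unlink($tmp);
}
```

In an upload handler the two arguments would be `$_FILES['attachment']['name']` and `$_FILES['attachment']['tmp_name']`, checked with `is_uploaded_file()` first.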