how can we prevent .exe type file upload in a website?

Suppose we have a example.exe file. we first put that file in a new folder and then zip that folder with any zipping software, Can we prevent that zipped folder upload in a website? h开发者_如何学Goow can we do that?

You cannot prevent it, because you can't tell what the browser is going to submit before it submits it. All you can do is when the file arrives on the server, check the file extension - if it's an exe (or a .zip and you open it up and find an .exe) then reject it.

You can use something like SWFupload to get a handle on the file before it's uploaded, but the best that'll do is tell you the name of the file.

Besides, they could just take "example.exe" change the name to "example.txt" and still upload it...

You check on the server. Checking with javascript in form.onsubmit is dumb because its quite simple to post a form with a file to the same URL and skip your super secure javascript powered page.