If you are trying to prevent users uploading dangerous content, preventing them to upload exe files isn't enough. This is a black list approach. Much better is to ask yourself what are the valid file types you do support and block all others. This is a white list.
To allow certain file types you can check for the extension, but perhaps also validate the file header (the first couple of bytes from a file) to detect whether it is actually of the type you expect. You will have to figure out for each file type what the possible headers are.
Good luck.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
