What are the potential drawbacks of using preg_match() function for file type validation in PHP?

Using preg_match() for file type validation in PHP can be unreliable as it relies on the file extension, which can be easily manipulated. It is better to use fileinfo extension to determine the actual file type based on its content. This method provides a more accurate way to validate file types and reduce the risk of security vulnerabilities.

$file = $_FILES['file']['tmp_name'];

$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mimeType = finfo_file($finfo, $file);
finfo_close($finfo);

$allowedTypes = ['image/jpeg', 'image/png', 'image/gif'];

if (in_array($mimeType, $allowedTypes)) {
    // File type is valid
    echo 'File type is valid';
} else {
    // File type is not valid
    echo 'Invalid file type';
}