PHP file upload: mime or extension based verification?

Question

When I try to process file upload, should I run verification based on file MIME type or file-extension?

What are Pros & cons of these 2 ways of file validating?

Answer 1

Okay, so to all the geniouses here yapping something about "SCREW EXTENSIONS, CHECK MIME! FILEINFO RLZ!", I've prepared some tutorial:

1. Download this pretty php logo I drew
2. View it. Pretty nice, isn't it?
3. Rename it to whatever_you_like.php
4. Put it through all your awesome mime type/whatever checkers
5. Run it

In conclusion, you should NEVER EVER EVER rely on MIME type. You web server doesn't care about MIME type, it determines what to do by EXTENSION, the ultimately downvoted @Col. Shrapnel's answer is actually right. Any information provided to you by something checking MIME is absolutely irrelevant to your webserver when it comes to execution.

EDIT: the not-as-uncommon-code-as-you'd-want-it-to-be that opens a website to this type of attack: