Michdd Posted November 2, 2008 Share Posted November 2, 2008 I noticed that if someone uploads an html file renamed .gif it allows them to upload it, and it works like a website, how can I run a check in php to see if it's really an image. Link to comment https://forums.phpfreaks.com/topic/131101-checking-if-an-upload-is-really-an-image-and-not-renamed-extension/ Share on other sites More sharing options...
graham23s Posted November 2, 2008 Share Posted November 2, 2008 Hi Mate, you could check: $_FILES['userfile']['type']; this will check the type of file uploaded which can be: images/gif so if the type of file uploaded isn't equal to image/gif or image/jpg etc then its not an image file hope that helps Graham Link to comment https://forums.phpfreaks.com/topic/131101-checking-if-an-upload-is-really-an-image-and-not-renamed-extension/#findComment-680665 Share on other sites More sharing options...
Michdd Posted November 2, 2008 Author Share Posted November 2, 2008 Hi Mate, you could check: $_FILES['userfile']['type']; this will check the type of file uploaded which can be: images/gif so if the type of file uploaded isn't equal to image/gif or image/jpg etc then its not an image file hope that helps Graham So if the uploaded file is a .gif image that will output: images/gif? So I could use: $check = $_FILES['userfile']['type']; if($check =! "images/gif"){ die(); } RighT? Link to comment https://forums.phpfreaks.com/topic/131101-checking-if-an-upload-is-really-an-image-and-not-renamed-extension/#findComment-680670 Share on other sites More sharing options...
graham23s Posted November 2, 2008 Share Posted November 2, 2008 yep thats it so basically you have: image/jpg image/jpeg image/gif image/png that's the main ones you could put them all in an array to! then if none of these are in the array then... die() Graham Link to comment https://forums.phpfreaks.com/topic/131101-checking-if-an-upload-is-really-an-image-and-not-renamed-extension/#findComment-680673 Share on other sites More sharing options...
bobbinsbro Posted November 2, 2008 Share Posted November 2, 2008 ??? but i thought the browsers check the file extension to determine the mime-types which they send to the server... Link to comment https://forums.phpfreaks.com/topic/131101-checking-if-an-upload-is-really-an-image-and-not-renamed-extension/#findComment-680676 Share on other sites More sharing options...
Andy-H Posted November 2, 2008 Share Posted November 2, 2008 $check = $_FILES['userfile']['type']; $name = explode('.', $_FILES['userfile']['name']); $i = count($name) - 1; $ext = $name[$i]; if ($check == "image/" . $ext){ //upload file }else{ //give error } Would that work? //EDIT: Changed split() to explode() after my grilling on resource usages in another topic lol Link to comment https://forums.phpfreaks.com/topic/131101-checking-if-an-upload-is-really-an-image-and-not-renamed-extension/#findComment-680677 Share on other sites More sharing options...
thebadbad Posted November 2, 2008 Share Posted November 2, 2008 ??? but i thought the browsers check the file extension to determine the mime-types which they send to the server... bobbinsbro is right as far as I know. Have a look at my posts at this topic. Link to comment https://forums.phpfreaks.com/topic/131101-checking-if-an-upload-is-really-an-image-and-not-renamed-extension/#findComment-680698 Share on other sites More sharing options...
AndyB Posted November 2, 2008 Share Posted November 2, 2008 I noticed that if someone uploads an html file renamed .gif it allows them to upload it, and it works like a website, how can I run a check in php to see if it's really an image. Use the getimagesize() function - it only works with images http://ca.php.net/manual/en/function.getimagesize.php Link to comment https://forums.phpfreaks.com/topic/131101-checking-if-an-upload-is-really-an-image-and-not-renamed-extension/#findComment-680703 Share on other sites More sharing options...
Michdd Posted November 2, 2008 Author Share Posted November 2, 2008 I noticed that if someone uploads an html file renamed .gif it allows them to upload it, and it works like a website, how can I run a check in php to see if it's really an image. Use the getimagesize() function - it only works with images http://ca.php.net/manual/en/function.getimagesize.php I know of that function, and I use it, how would I prepare something so that if it fails, then die or something similar to that? And, um doesn't that only work if the server is already uploaded somewhere? Link to comment https://forums.phpfreaks.com/topic/131101-checking-if-an-upload-is-really-an-image-and-not-renamed-extension/#findComment-680707 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.