Jump to content

Checking if an upload is really an image? And not renamed extension?

Michdd

By Michdd
in PHP Coding Help

 Share

Recommended Posts

graham23s Advanced Member

graham23s

Posted
Posted

Hi Mate,

 

you could check: $_FILES['userfile']['type'];

 

this will check the type of file uploaded which can be: images/gif

 

so if the type of file uploaded isn't equal to image/gif or image/jpg etc then its not an image file :)

 

hope that helps

 

Graham

Michdd Advanced Member

Michdd

Posted
  • Author
Posted

Hi Mate,

 

you could check: $_FILES['userfile']['type'];

 

this will check the type of file uploaded which can be: images/gif

 

so if the type of file uploaded isn't equal to image/gif or image/jpg etc then its not an image file :)

 

hope that helps

 

Graham

 

So if the uploaded file is a .gif image that will output:

 

images/gif?

 

So I could use:

 

$check = $_FILES['userfile']['type'];

 

if($check =! "images/gif"){

die();

}

 

RighT?

graham23s Advanced Member

graham23s

Posted
Posted

yep :)

 

thats it :) so basically you have:

 

image/jpg

image/jpeg

image/gif

image/png

 

that's the main ones :) you could put them all in an array to! then if none of these are in the array then... die() :)

 

Graham

Andy-H Advanced Member

Andy-H

Posted
Posted 

$check = $_FILES['userfile']['type'];  
$name = explode('.', $_FILES['userfile']['name']);
$i = count($name) - 1;

$ext = $name[$i];

if ($check == "image/" . $ext){

//upload file

}else{
//give error
}

 

Would that work?

 

//EDIT: Changed split() to explode() after my grilling on resource usages in another topic lol

 

AndyB Regular Member

AndyB

Posted
Posted

I noticed that if someone uploads an html file renamed .gif it allows them to upload it, and it works like a website, how can I run a check in php to see if it's really an image.

 

Use the getimagesize() function - it only works with images

 

http://ca.php.net/manual/en/function.getimagesize.php

Michdd Advanced Member

Michdd

Posted
  • Author
Posted

I noticed that if someone uploads an html file renamed .gif it allows them to upload it, and it works like a website, how can I run a check in php to see if it's really an image.

 

Use the getimagesize() function - it only works with images

 

http://ca.php.net/manual/en/function.getimagesize.php

 

I know of that function, and I use it, how would I prepare something so that if it fails, then die or something similar to that?

 

And, um doesn't that only work if the server is already uploaded somewhere?

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.