Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

php - how to make sure that the uploaded file is a jpg, gif or png?

Tags:

php

gd

In php I can check if a uploaded file has proper type by extension, so code should look like this:

if ((($_FILES["photo1"]["type"] == "image/gif")
|| ($_FILES["photo1"]["type"] == "image/jpeg")
|| ($_FILES["photo1"]["type"] == "image/png"))
&& ($_FILES["photo1"]["size"] < 500000)) //also limiting size

Then in next step in my code I prepare a file for further processing. But what if someone changes a text_file.doc or javascript_file.js to samplefile.jpg before upload?

move_uploaded_file(($_FILES['photo1']['tmp_name']), "photos/1.jpg");
$source1 = imagecreatefromjpeg("../photos/source1.jpg");

Then user will see errors from imagecreatefromjpeg step:

Warning: imagecreatefromjpeg() [function.imagecreatefromjpeg]: gd-jpeg: JPEG
library reports unrecoverable error: in...

How to skip a processing part if a file is not a graphic file and not display errors?

like image 595
Lucas Avatar asked Jan 18 '23 05:01

Lucas

2 Answers

As written on the documentation for file-uploads, it is stated that$_FILES['userfile']['type'] is

The mime type of the file, if the browser provided this information. An example would be "image/gif". This mime type is however not checked on the PHP side and therefore don't take its value for granted.

This means it is not checked on the php side, which you should do with mime_content_type and confirm its mime type.

Alternatively, you could use getimagesize to actually check if the file that has been uploaded has a imagesize, and if not, then its not an image.

like image 159
Jan Dragsbaek Avatar answered Apr 27 '23 23:04

Jan Dragsbaek

I would use getimagesize and check for possible errors, something like this:

try {
    $size = getimagesize("your_image_file");
    echo 'image!';
} catch (Exception $e) {
    echo 'no known image format!'; 
}

This GD function is not perfect, but it can cope with several image file formats.

There are several ways to omit the warnings in PHP. If an error like this can happen, it usually will happen. Either expect it in your code (usually preferrable, see my example with try...catch) or configurate your enviroment to your needs (p.e. omit warnings).

like image 34
Bjoern Avatar answered Apr 27 '23 23:04

Bjoern
Sign in to Comment

Related questions

Count how many of each value from a field with MySQL and PHP
Jquery POST fetching data on keyup
JavaScript VS PHP: The same calculation returns different result
How to add same name menu items in joomla menu
PDO query error after server migration and/or PHP upgrade
Can't import database through phpmyadmin
If PHP is running on Linux; how to get the specific distribution(Ubuntu, fedora, etc..)?
How to keep OAuth settings a secret?
Post Objects in Advanced Custom Fields order by date
Good Programming Practices With PHP With Concatenating HTML
Yii: Multiple order by conditions
utf8 collation difference between unicode and danish
Why is sprintf returning false here?
How to check username and password case sensitive?
MySQL query between 2 dates fields
Laravel 4: how to write the correct nested controller for nested resource?
Warning: Invalid argument supplied for foreach() in mpdf.php on line 11008
PHP combine arrays on similar elements
PHP regular expression issue preg_match() on timestamps
How to use DoctrineModule\Validator\NoObjectExists in edit forms - Zend Framework 2 & Doctrine 2

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!