Results 1 to 3 of 3

Thread: Check for a real image

  1. #1
    Join Date
    Mar 2005

    Question Check for a real image


    I'm trying to make an image upload form on my website, and I do not know how to ensure that what the user is uploading is a real image.

    I could do...
    if ($_FILES['imagefile']['type'] == "image/gif" || $_FILES['imagefile']['type'] == "image/jpeg" || etc.)

    But that only checks the header. If somebody create a PHP file with a custom header, they could essentially upload the PHP file to my server and use it to kill me, couldn't they?

    How do I check whether the file is DEFINITELY an image?

    Thanks. =]

  2. #2
    Join Date
    Dec 2005
    That's an excellent question. That's what I thought to myself when I read this post. This is what I think, and there are probably other, better ways to do this because I am not too well versed in the ways of this file checking stuff (but I can provide a lovely conversation partner).

    Why not just check for the file extension? If it's not a valid image (i.e. .png, .gif, .jpg, etc.) then don't allow the upload. People cannot execute scripts that are not parsed so if they do upload a script (php, for example, could be another type) then in order for it to execute then it has to be parsed and as long as you don't have .gif in your .htaccess file as an extension that can be parsed by the php parser, then the script will not be able to execute.

    I think you raised a very good concern, but I think it's also being a little over-cautious. Scripts cannot be executed if they cannot be parsed.

  3. #3
    Join Date
    Jan 2005
    Alicante (Spain)
    Use getimagesize(). This will return false if the file headers are not an image. For an even more thorough check use one of the GD functions (imagecreatefromstring()) for example.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
HTML5 Development Center

Recent Articles