dousi9215 2017-05-12 12:52
浏览 56

如何通过PHP检查图像文件的真实性

i have written a php script which checks the image file for its extension.. such as JPG, JPEG, PNG, GIF uploaded thru an HTML form .

Now comes my problem which is, any 1 may upload any kind of file by giving it an extension of JPG, JPEG, PNG, GIF.

Can any one help me so that, one should strictly be able to upload only an image file and not any other file which carries just extension of Image file.

I tried hard .. but failed...Here is my php script which i have written

        <?php
        $target_dir = "images/";
        $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
        $uploadOk = 1;
        $imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
        // Check if image file is a actual image or fake image
        if(isset($_POST["submit"])) {
            $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
            if($check !== false) {
                echo "File is an image - " . $check["mime"] . ".";
                $uploadOk = 1;
            } else {
                echo "File is not an image.";
                $uploadOk = 0;
            }
        }
        // Check if file already exists
        if (file_exists($target_file)) {
            $target_file = $target_dir . date('YmdHis') . '.' . $imageFileType;

            if (file_exists($target_file)) {
                echo "<h2>File with same name already exists. Try renaming your file and Uploading again.</h2>";
                $uploadOk = 0;
            }
        }
        // Allow certain file formats
        if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif" ) {
            echo "<h2>Only JPG, JPEG, PNG & GIF files are allowed.</h2>";
            $uploadOk = 0;
        }
        // Check if $uploadOk is set to 0 by an error
        if ($uploadOk == 0) {
            echo "<h2><mark>ERROR</mark> :Sorry, your file was not uploaded.</h2>";
            echo "<a href='submitdesign.html'><h3>Click Here to TRY AGAIN.</h3></a>";
            exit;
        // if everything is ok, try to upload file
        } else {
            if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
                echo "<h3>The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.</h3>";
            } else {
                echo "<h2><mark>ERROR</mark> : Maximum File Size Allowed is upto 2MB. Please Optimize your Image Size</h2>";
                echo "<a href='submitdesign.html'><h3>Click Here to TRY AGAIN</h3></a>";
                exit;

            }
        }
        ?>
  • 写回答

4条回答 默认 最新

  • dsfdsf21321 2017-05-12 12:55
    关注

    You will take the MIMETYPE of the file, with that you can validate with high fidelity.

    You can use finfo() too.

    EXAMPLE:

    <?php
$imageType = explode('/', mime_content_type($yourimage));
$acceptedFormats = ['jpg', 'jpeg', 'png', 'gif', 'x-png', 'pjpeg', 'svg'];
if ($imageType[0] == 'image'){
    if (in_array($imageType[1], $acceptedFormats)){
        //RUN YOUR CODE
    }
} else {
    exit('ERROR FILE INVALID');
}
    评论

报告相同问题?

悬赏问题

  • ¥100 求数学坐标画圆以及直线的算法
  • ¥35 平滑拟合曲线该如何生成
  • ¥100 c语言,请帮蒟蒻写一个题的范例作参考
  • ¥15 名为“Product”的列已属于此 DataTable
  • ¥15 安卓adb backup备份应用数据失败
  • ¥15 eclipse运行项目时遇到的问题
  • ¥15 关于#c##的问题:最近需要用CAT工具Trados进行一些开发
  • ¥15 南大pa1 小游戏没有界面,并且报了如下错误,尝试过换显卡驱动,但是好像不行
  • ¥15 自己瞎改改,结果现在又运行不了了
  • ¥15 链式存储应该如何解决