dousi9215 2017-05-12 12:52
浏览 56

如何通过PHP检查图像文件的真实性

i have written a php script which checks the image file for its extension.. such as JPG, JPEG, PNG, GIF uploaded thru an HTML form .

Now comes my problem which is, any 1 may upload any kind of file by giving it an extension of JPG, JPEG, PNG, GIF.

Can any one help me so that, one should strictly be able to upload only an image file and not any other file which carries just extension of Image file.

I tried hard .. but failed...Here is my php script which i have written

        <?php
        $target_dir = "images/";
        $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
        $uploadOk = 1;
        $imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
        // Check if image file is a actual image or fake image
        if(isset($_POST["submit"])) {
            $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
            if($check !== false) {
                echo "File is an image - " . $check["mime"] . ".";
                $uploadOk = 1;
            } else {
                echo "File is not an image.";
                $uploadOk = 0;
            }
        }
        // Check if file already exists
        if (file_exists($target_file)) {
            $target_file = $target_dir . date('YmdHis') . '.' . $imageFileType;

            if (file_exists($target_file)) {
                echo "<h2>File with same name already exists. Try renaming your file and Uploading again.</h2>";
                $uploadOk = 0;
            }
        }
        // Allow certain file formats
        if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif" ) {
            echo "<h2>Only JPG, JPEG, PNG & GIF files are allowed.</h2>";
            $uploadOk = 0;
        }
        // Check if $uploadOk is set to 0 by an error
        if ($uploadOk == 0) {
            echo "<h2><mark>ERROR</mark> :Sorry, your file was not uploaded.</h2>";
            echo "<a href='submitdesign.html'><h3>Click Here to TRY AGAIN.</h3></a>";
            exit;
        // if everything is ok, try to upload file
        } else {
            if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
                echo "<h3>The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.</h3>";
            } else {
                echo "<h2><mark>ERROR</mark> : Maximum File Size Allowed is upto 2MB. Please Optimize your Image Size</h2>";
                echo "<a href='submitdesign.html'><h3>Click Here to TRY AGAIN</h3></a>";
                exit;

            }
        }
        ?>
  • 写回答

4条回答 默认 最新

  • dsfdsf21321 2017-05-12 12:55
    关注

    You will take the MIMETYPE of the file, with that you can validate with high fidelity.

    You can use finfo() too.

    EXAMPLE:

    <?php
$imageType = explode('/', mime_content_type($yourimage));
$acceptedFormats = ['jpg', 'jpeg', 'png', 'gif', 'x-png', 'pjpeg', 'svg'];
if ($imageType[0] == 'image'){
    if (in_array($imageType[1], $acceptedFormats)){
        //RUN YOUR CODE
    }
} else {
    exit('ERROR FILE INVALID');
}
    评论

报告相同问题?

悬赏问题

  • ¥15 对于squad数据集的基于bert模型的微调
  • ¥15 为什么我运行这个网络会出现以下报错?CRNN神经网络
  • ¥20 steam下载游戏占用内存
  • ¥15 CST保存项目时失败
  • ¥15 树莓派5怎么用camera module 3啊
  • ¥20 java在应用程序里获取不到扬声器设备
  • ¥15 echarts动画效果的问题,请帮我添加一个动画。不要机器人回答。
  • ¥15 Attention is all you need 的代码运行
  • ¥15 一个服务器已经有一个系统了如果用usb再装一个系统,原来的系统会被覆盖掉吗
  • ¥15 使用esm_msa1_t12_100M_UR50S蛋白质语言模型进行零样本预测时,终端显示出了sequence handled的进度条,但是并不出结果就自动终止回到命令提示行了是怎么回事: