I am building a PHP web app and it includes image uploading. I've read about preventing the uploads of fake images. But what are fake images and how can they be used to attack a server?
Is it sufficient using the PHP function getimagesize()
along with checking the file extension to eliminate all possible attacks through images?