My favorite feature for such checks.
php.net/manual/en/function.getimagesize.php
Returned false? Dosvidos!

function getimgsize($url)
{
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1667.0 Safari/537.36');
    $img = curl_exec($ch);
    curl_close($ch);

    $tmpfile = tempnam('/tmp', '__myprefix__');
    file_put_contents($tmpfile, $img);

    $info = @getimagesize($tmpfile);
    unlink($tmpfile);

    return $info;
}

var_dump(getimgsize('http://toster.ru/images/no_avatar.png'));
var_dump(getimgsize('http://toster.ru/images/no_avatar.png2'));

To understand what is there, you still have to download the file first. And then you can analyze it as you like, for example, through finfo in php. You can first get the header via a HEAD request, verify that the file exists, and determine its size.
And of course, no data received from the client should be written to the database without control. At least mysqli::bind.

Perhaps try to get the size of the picture? After all, the script is unlikely to send them to you.
For example, if dimensions, Height = 0 and Width 0, then do not download. If greater than zero, Height 30 and Width 30 continue.

This is how the site will make a request to the address, and in response to it DROP TABLE.

You seem to have a big mess in your head. I'll come from afar. How to access the URL to make a request to the database?
curl + Content-Type + Mime.
curl , fileinfo .
In addition, GD has an extremely useful function .

Download the picture and make its conversion to the format of the desired site. Converting to do tools that allow you to fully control the parameters of the output file. For example imagemagick.