How to validate images in PHP?

O

Optimus2017-09-05 10:38:47

PHP

Optimus, 2017-09-05 10:38:47

The $_FILES array contains:

array(1) {
  ["uploadfile"]=>
  array(5) {
    ["name"]=>
    string(9) "icons.png"
    ["type"]=>
    string(9) "image/png"
    ["tmp_name"]=>
    string(39) "/var/www/user/data/mod-tmp/HUFGGSHGDSF"
    ["error"]=>
    int(0)
    ["size"]=>
    int(6680)
  }
}

1) We check file extensions in name for matching image extensions, but this seems to be unreliable.
2) Validation with mime_content_type. In this function, too, should name be given in this case? So it will also always give out image/gif if you can slip a fake extension into name? Besides, I already have image/png in the type array element, isn't that enough?
3) What else needs to be added today?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

N

Nikolai Konyukhov, 2017-09-05
Pyan @marrk2

PHP Uploading files - image only checking , although the official doc says that using getimagesize for checking is a bad idea:

Caution
This function expects filename to be a valid image file. If a non-image file is supplied, it may be incorrectly detected as an image and the function will return successfully, but the array may contain nonsensical values.
Do not use getimagesize() to check that a given file is a valid image. Use a purpose-built solution such as the Fileinfo extension instead.