Image Uploader and false images!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
izone
Forum Newbie
Posts: 3
Joined: Tue Jun 27, 2006 6:20 pm

Image Uploader and false images!

Post by izone »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hello,

I've a script to use for my image uploader and it works great, but if you change ext. for a php file (for example) to jpg it doesn't reconized that the file acctually is not an image file. I'm worry about the security of my site and appreciate if some one here could help me to make some changes to it. 

Here is my upload.php file:


Best Regards.


[color=red][b]feyd[/b] | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Last edited by izone on Thu Jun 29, 2006 3:04 pm, edited 1 time in total.
Robert Plank
Forum Contributor
Posts: 110
Joined: Sun Dec 26, 2004 9:04 pm
Contact:

Post by Robert Plank »

Look up getimagesize() function. You can run the filename through getimagesize() and it will return false if it's not a real image.
izone
Forum Newbie
Posts: 3
Joined: Tue Jun 27, 2006 6:20 pm

Post by izone »

First of all, I apologize for not right code tag in my post and thanks for telling me about that.
Robert Plank wrote:Look up getimagesize() function. You can run the filename through getimagesize() and it will return false if it's not a real image.
And thank you Robert Plank for your help. But could you please show me a place in my codes abov to put this code to? I am new on this and don't know how to handle it.

Regards.
Robert Plank
Forum Contributor
Posts: 110
Joined: Sun Dec 26, 2004 9:04 pm
Contact:

Post by Robert Plank »

Code: Select all

if (@getimagesize($_FILES['attached']['tmp_name']) === FALSE) {
   // not an image
}
izone
Forum Newbie
Posts: 3
Joined: Tue Jun 27, 2006 6:20 pm

Post by izone »

Robert Plank

Thank you very much for that. It works now great and more secure.
Post Reply