I was curious what problems you see with using the following:
$f = $_FILES['uploadedfile']['type'];
then use the result to make sure only jpeg, gif, png files are uploaded?
I also plan to rename the uploaded files, but I want to try and prevent other extensions from even being uploaded.
uploading file security
- Chris Corbyn
Charles256
This http://www.ourlifeproject.com/?p=8 may be of use. If you don't want to resize the image just pass the original width and height by using http://www.php.net/getimagesize . If they try to upload something other than an image the function will fail and let you know. If that's over your head then just pretend I said nothing. 
getimagesize() will pass bmp, tiff etc, kippy asked for "only jpeg, gif, png".
Code: Select all
imagecreatefromjpeg($filename)
will return false if the file is not jpeg.
It has analogs for gif and png files too.
- feyd
miro_igov wrote:
Code: Select all
imagecreatefromjpeg($filename)
will return false if the file is not jpeg.
It has analogs for gif and png files too.

Using the image* functions would be a waste of time and memory for this. getimagesize() tells you all sorts of information without eating a lot of memory.. use that.
- superdezign
getimagesize() shouldn't be used alone, though. It should be used to determine what the image should be, and then you should handle the image with the appropriate GD function to ensure that it is the same type that it claims to be. I've heard of exploits by hackers on programmers that trust getimagesize() as though the headers of the file are the bottom line for what the contents will be.
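
An added example, not code posted by anyone in the thread, combining the checks discussed above: ignore the client-supplied `$_FILES[...]['type']`, let getimagesize() name the type, allow only jpeg/gif/png, confirm with the matching GD decoder, and store under a server-chosen name. The function names and destination directory are assumptions, and the GD extension must be loaded.

```php
<?php
// Added example. allowed_image_extension() and store_upload() are hypothetical
// names; only the 'uploadedfile' field comes from the original post.

// Allowlist: IMAGETYPE_* constant => [extension to store under, GD decoder].
const ALLOWED_IMAGES = [
    IMAGETYPE_JPEG => ['jpg', 'imagecreatefromjpeg'],
    IMAGETYPE_GIF  => ['gif', 'imagecreatefromgif'],
    IMAGETYPE_PNG  => ['png', 'imagecreatefrompng'],
];

/** Returns the extension to store the file under, or null if it is rejected. */
function allowed_image_extension(string $path): ?string
{
    // Step 1: cheap header check. Rejects non-images; bmp, tiff etc. are
    // recognised by getimagesize() but are not in the allowlist.
    $info  = @getimagesize($path);
    $entry = $info === false ? null : (ALLOWED_IMAGES[$info[2]] ?? null);
    if ($entry === null) {
        return null;
    }
    [$ext, $decoder] = $entry;
    // Step 2: the header only says what the file claims to be, so decode the
    // whole file with the GD function for that type.
    return @$decoder($path) === false ? null : $ext;
}

/** Validates one $_FILES entry and moves it into $destDir under a new name. */
function store_upload(array $file, string $destDir): ?string
{
    // $file['type'] and $file['name'] are sent by the client; never consulted.
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $ext = allowed_image_extension($file['tmp_name']);
    if ($ext === null) {
        return null;
    }
    $dest = $destDir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], $dest) ? $dest : null;
}

// Constructed demo for the CLI: a real 2x2 PNG and a file with only a GIF signature.
if (PHP_SAPI === 'cli') {
    $png = tempnam(sys_get_temp_dir(), 'up');
    imagepng(imagecreatetruecolor(2, 2), $png);
    $fake = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($fake, "GIF89a not really an image");
    var_dump(allowed_image_extension($png), allowed_image_extension($fake));
    unlink($png);
    unlink($fake);
}
```

In a request handler this would be called as `store_upload($_FILES['uploadedfile'], $dir)`, with `$dir` ideally outside the web root or configured so the server never executes files from it.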