Php文件图像上传安全性(Php file image upload security)

Php文件图像上传安全性(Php file image upload security) $filename=$_FILES['file']['name']; $type=$_FILES['file']['type']; $extension=strtolower(substr($filename, strpos($filename, '.')+1)); $size=$_FILES['file']['size']; if(($extension=='jpg' || $extension=='jpeg') && ($type!='image/jpg' || $type!='image/jpeg')){...

我有一个输入文件，可以让用户只上传jpg / jpeg图像，我有检查类型，扩展名，大小。

但是我不知道如何检查用户是否更改扩展名。（例如abc.php - > abc.jpg）

在将用户的图像保存到服务器之前，我还需要检查其他任何东西吗？

$filename=$_FILES['file']['name']; $type=$_FILES['file']['type']; $extension=strtolower(substr($filename, strpos($filename, '.')+1)); $size=$_FILES['file']['size']; if(($extension=='jpg' || $extension=='jpeg') && ($type!='image/jpg' || $type!='image/jpeg')){...

I have a input file, can let user upload jpg/jpeg image only, I have check type, extension, size.

However I'm not sure how to check if user change extension.(ex. abc.php -> abc.jpg)

any thing else I need to check before I save user's image into my server?

最满意答案

您可以使用exif_imagetype()检查图像

http://www.php.net/manual/en/function.exif-imagetype.php

exif_imagetype（）读取图像的第一个字节并检查其签名。

You can check the image with exif_imagetype()

http://www.php.net/manual/en/function.exif-imagetype.php

exif_imagetype() reads the first bytes of an image and checks its signature.