Php文件图像上传安全性(Php file image upload security)
$filename=$_FILES['file']['name'];
$type=$_FILES['file']['type'];
$extension=strtolower(substr($filename, strpos($filename, '.')+1));
$size=$_FILES['file']['size'];
if(($extension=='jpg' || $extension=='jpeg') && ($type!='image/jpg' || $type!='image/jpeg')){...
我有一个输入文件,可以让用户只上传jpg / jpeg图像,我有检查类型,扩展名,大小。
但是我不知道如何检查用户是否更改扩展名。(例如abc.php - > abc.jpg)
在将用户的图像保存到服务器之前,我还需要检查其他任何东西吗?
$filename=$_FILES['file']['name']; $type=$_FILES['file']['type']; $extension=strtolower(substr($filename, strpos($filename, '.')+1)); $size=$_FILES['file']['size']; if(($extension=='jpg' || $extension=='jpeg') && ($type!='image/jpg' || $type!='image/jpeg')){...I have a input file, can let user upload jpg/jpeg image only, I have check type, extension, size.
However I'm not sure how to check if user change extension.(ex. abc.php -> abc.jpg)
any thing else I need to check before I save user's image into my server?
最满意答案
您可以使用exif_imagetype()检查图像
http://www.php.net/manual/en/function.exif-imagetype.php
exif_imagetype()读取图像的第一个字节并检查其签名。
You can check the image with exif_imagetype()
http://www.php.net/manual/en/function.exif-imagetype.php
exif_imagetype() reads the first bytes of an image and checks its signature.
更多推荐
发布评论