
Best way to get a photo's file extension type in PHP

I am re-building my photo-uploading section on my site, and I am trying to learn as much as I can so I can do it securely but also with the best performance. My site has around 15-20 photos uploaded per minute usually.

So is this method reliable for getting the photo's file type, like jpg, gif, png?

 $fileType = $_FILES['image']['type'];

File extensions lie, or can at least. It is definitely best not to rely on/trust user-submitted data. Also, as the PHP manual notes:

$_FILES['userfile']['type'] - The mime type of the file, if the browser provided this information. An example would be "image/gif". This mime type is however not checked on the PHP side and therefore don't take its value for granted.

This is not reliable.

Here's a better way:

PHP's getimagesize() function returns a numerically indexed array of data about the image, and index 2 is one of the IMAGETYPE_XXX constants (a full list of which is available here) indicating the type of the image. These can then be used in a number of GD family functions, the two relevant ones being image_type_to_extension() and image_type_to_mime_type().

So, you could easily do something along these lines:

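$imageData = getimagesize($_FILES['userfile']['tmp_name']);
// getimagesize() returns false when the file is not a readable image
if ($imageData === false) {
    die('Not a valid image.');
}
// $imageData[2] will contain the value of one of the IMAGETYPE_XXX constants
$mimeType = image_type_to_mime_type($imageData[2]);
$extension = image_type_to_extension($imageData[2]);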

Although, if you have the exif extension available, the exif_imagetype() function will return the exact same result as index 2 of getimagesize() but is much faster.

I've used the GD methods as my primary example, because they are more commonly present across PHP installs. But the Imagick extension also offers similar functionality, and you could also verify the mime type with the fileinfo extension (included since 5.3, btw).

exif_imagetype() is the safest, fastest and most reliable way to check if a given file is a valid image file; it also works with remote URLs.

The return value is the same value that getimagesize() returns in index 2 but exif_imagetype() is much faster.

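// exif_imagetype() returns false on failure, which fails the range check below
$type = @exif_imagetype($_FILES['image']['tmp_name']);

// 1 = IMAGETYPE_GIF, 2 = IMAGETYPE_JPEG, 3 = IMAGETYPE_PNG
if (($type >= 1) && ($type <= 3))
{
    echo 'Valid image (GIF, JPG or PNG).';
}
else
{
    unlink($_FILES['image']['tmp_name']); // delete it
}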

First try getimagesize or exif_imagetype(),

if it doesn't return ['mime'], try finfo_file (if extension_loaded('fileinfo')),

if still no results, try mime_content_type (if function_exists('mime_content_type')).

If you don't want mime type, but just file extension, use pathinfo($path, PATHINFO_EXTENSION).

As the doc says,

The mime type of the file, if the browser provided this information. [...] This mime type is however not checked on the PHP side and therefore don't take its value for granted.

In other words, you shouldn't trust it because I could upload pretty much anything I want and make it look like a jpeg to you.

To make sure an uploaded file is actually an image, I've personally used Imagick::identifyImage in the past with excellent results. GD probably has the same kind of function available.

Or you could get the mime type server side using the fileinfo extension, more specifically finfo_file().
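
The checks described in the answers above, combined into one upload handler, as an added example that is not part of the original posts: the type is taken from the file contents (exif_imagetype() or getimagesize(), cross-checked with fileinfo when it is loaded) and the stored extension comes from an allowlist. The helper names detectImageType() and storeUploadedImage() and the destination directory are assumptions.

```php
<?php
// Added example; detectImageType() and storeUploadedImage() are hypothetical names.

// Allowlist: detected IMAGETYPE_* constant => extension chosen by the server.
const ALLOWED_IMAGE_TYPES = [
    IMAGETYPE_GIF  => 'gif',
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
];

/** Return an allowed IMAGETYPE_* constant derived from file contents, or null. */
function detectImageType(string $path): ?int
{
    if (function_exists('exif_imagetype')) {
        $type = @exif_imagetype($path);        // reads only the signature bytes
    } else {
        $info = @getimagesize($path);          // fallback: parses the image header
        $type = $info === false ? false : $info[2];
    }
    if ($type === false || !array_key_exists($type, ALLOWED_IMAGE_TYPES)) {
        return null;
    }
    // Cross-check with fileinfo when it is loaded: both detectors must agree.
    if (extension_loaded('fileinfo')) {
        $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
        if ($mime !== image_type_to_mime_type($type)) {
            return null;
        }
    }
    return $type;
}

/** Move a validated upload into $destDir under a server-generated name. */
function storeUploadedImage(array $file, string $destDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $type = detectImageType($file['tmp_name']);
    if ($type === null) {
        return null;                           // PHP removes the temp file at request end
    }
    // $file['name'] and $file['type'] are never used: both are client-supplied.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$type];
    return move_uploaded_file($file['tmp_name'], "$destDir/$name") ? $name : null;
}
```

A matching signature says nothing about the rest of the file, so the destination directory should be one where the web server does not execute scripts.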
