[英]Php image validation
Thus anyone has any idea why this code is not working for me 因此,任何人都知道为什么此代码对我不起作用
$type1 = $_FILES['textfield2']['type'];
$type2 = $_FILES['textfield3']['type'];
if($type1 == 'image/gif' || $type1 == 'image/png' && $type2 == 'image/gif' || $type2 == 'image/png')
{
echo 'Valid';
echo $type1.'<br />'.$type2;
}
else
{
echo 'Invalid';
}
If i select 1st file as a zip or any other format and then next as png it is going to valid that what i should not 如果我选择第一个文件作为zip或任何其他格式,然后选择png,则将是有效的,我不应该这样做
PHP's operator precedence makes && bind tighter than ||, so your test is coming out as: PHP的运算符优先级使&&绑定比||更紧密,因此您的测试结果如下:
if($type1 == 'image/gif' || ($type1 == 'image/png' && $type2 == 'image/gif') || $type2 == 'image/png')
^----------------------------------------------^
Beyond that, do not use the user-provided ['type']
data for this. 除此之外,请勿为此使用用户提供的['type']
数据。 It's utterly trivial to forge, and someone can set to 'image/gif' while uploading nastyvirus.exe. 伪造完全是微不足道的,有人可以在上传nastyvirus.exe时将其设置为“ image / gif”。
Try: 尝试:
if(($type1 == 'image/gif' || $type1 == 'image/png') &&
($type2 == 'image/gif' || $type2 == 'image/png'))
{
echo 'Valid';
echo $type1.'<br />'.$type2;
}
else
{
echo 'Invalid';
}
This is due to operator precedence, which is documented here: http://php.net/manual/en/language.operators.precedence.php 这是由于运算符优先级所致,在此处进行了记录: http : //php.net/manual/zh/language.operators.precedence.php
This is due to operator precedence . 这是由于运算符的优先级 。 &&
has higher precedence than ||
&&
优先级高于||
so your expression results in: 因此您的表情会导致:
$type1 == 'image/gif'
|| ($type1 == 'image/png' && $type2 == 'image/gif')
|| $type2 == 'image/png'
Use parentheses to make your intention clear: 使用括号使您的意图明确:
($type1 == 'image/gif' || $type1 == 'image/png')
&& ($type2 == 'image/gif' || $type2 == 'image/png')
Additionally please note that the mime type is a client supplied data and thus is very easy to manipulate. 另外请注意,MIME类型是客户端提供的数据,因此非常易于操作。 Instead you should check for a valid GIF/PNG file header (using the GD library for example.) 相反,您应该检查有效的GIF / PNG文件头(例如,使用GD库)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.