php - 如何确保上传的文件是jpg,gif或png?
[英]php - how to make sure that the uploaded file is a jpg, gif or png?
问题描述
In php I can check if a uploaded file has proper type by extension, so code should look like this: 
在php中,我可以通过扩展检查上传的文件是否具有正确的类型,因此代码应如下所示:
if ((($_FILES["photo1"]["type"] == "image/gif")
|| ($_FILES["photo1"]["type"] == "image/jpeg")
|| ($_FILES["photo1"]["type"] == "image/png"))
&& ($_FILES["photo1"]["size"] < 500000)) //also limiting size
Then in next step in my code I prepare a file for further processing. 然后在我的代码的下一步中,我准备一个文件进行进一步处理。 But what if someone changes a text_file.doc or javascript_file.js to samplefile.jpg before upload? 但是如果有人在上传之前将text_file.doc或javascript_file.js更改为samplefile.jpg会怎样?
move_uploaded_file(($_FILES['photo1']['tmp_name']), "photos/1.jpg");
$source1 = imagecreatefromjpeg("../photos/source1.jpg");
Then user will see errors from imagecreatefromjpeg step: 然后用户将看到来自imagecreatefromjpeg步骤的错误:
Warning: imagecreatefromjpeg() [function.imagecreatefromjpeg]: gd-jpeg: JPEG
library reports unrecoverable error: in...
How to skip a processing part if a file is not a graphic file and not display errors? 如果文件不是图形文件而不显示错误,如何跳过处理部分?
3 个解决方案
解决方案1
5 2011-11-24 13:10:24
As written on the documentation for file-uploads , it is stated that $_FILES['userfile']['type'] is 正如文件上传文档所述,声明$_FILES['userfile']['type']是
The mime type of the file, if the browser provided this information.
This means it is not checked on the php side, which you should do with mime_content_type and confirm its mime type. 这意味着它不会在php端检查,你应该使用mime_content_type并确认它的mime类型。
Alternatively, you could use getimagesize to actually check if the file that has been uploaded has a imagesize, and if not, then its not an image. 或者,您可以使用getimagesize来实际检查已上载的文件是否具有图像大小,如果没有,则不是图像。
解决方案2
3 已采纳 2011-11-24 13:13:12
I would use getimagesize and check for possible errors, something like this: 我会使用getimagesize并检查可能的错误,如下所示:
try {
$size = getimagesize("your_image_file");
echo 'image!';
} catch (Exception $e) {
echo 'no known image format!';
}
This GD function is not perfect, but it can cope with several image file formats. 这个GD功能并不完美,但它可以应对多种图像文件格式。
There are several ways to omit the warnings in PHP. 有几种方法可以省略PHP中的警告。 If an error like this can happen, it usually will happen. 如果发生这样的错误,通常会发生。 Either expect it in your code (usually preferrable, see my example with try...catch) or configurate your enviroment to your needs (pe omit warnings). 要么在你的代码中期待它(通常是可取的,请参阅我的例子,尝试使用try ... catch)或者根据你的需要配置你的环境(省略警告)。
解决方案3
1 2011-11-24 13:14:04
At first, you should edit php.ini to disable the output of warnings and error messages to the user, so these users don't see the error. 首先,您应该编辑php.ini以禁用向用户输出警告和错误消息,因此这些用户不会看到错误。 At least for production systems this is recommended. 至少对于生产系统,建议这样做。
Then, you should be able to check the return value of the function. 然后,您应该能够检查函数的返回值。 According to http://de.php.net/manual/en/function.imagecreatefromjpeg.php , it is supposed to return false if it cannot open the file you supplied. 根据http://de.php.net/manual/en/function.imagecreatefromjpeg.php ,如果无法打开您提供的文件,则应返回false。
Additionally, with exception handling ( see http://www.php.net/manual/en/language.exceptions.php ), you can catch and process error messages and warnings like the one you posted above. 此外,通过异常处理(请参阅http://www.php.net/manual/en/language.exceptions.php ),您可以捕获并处理上面发布的错误消息和警告。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.