PHWinfo - Afficher un message

11/06/2007, 16h46

At Mon, 11 Jun 2007 11:02:56 +0200, iktorn let h(is|er) monkeys type:

> Schraalhans Keukenmeester wrote:

>> You'll have to test for extension first, and then assert what's sent
>> actually is what it claims to be. A safe way would be to apply the
>> appropriate imagecreatefrom(jpg|gif|bmp|png) etc functions provided by the
>> gd library.
>
> Much better way imho is to use getimagesize
> (http://pl2.php.net/manual/en/function.getimagesize.php)
> to check if its a valid image file.
>
> Additionally you can check extension of uploaded file.

I haven't been able to test if the getimagesize() function can be fooled
easily. If not, it's probably quicker than using imagecreatefromFORMAT()
and therefor a better choice indeed. Great suggestion, it's the PHP manual
suggested way of checking for valid images I noticed. It doesn't give much
explanation though.

--
Schraalhans Keukenmeester - schraalhans@the.Spamtrapexample.nl
[Remove the lowercase part of Spamtrap to send me a message]

"strcmp('apples','oranges') < 0"

11/06/2007, 16h46	#4
Schraalhans Keukenmeester Messages: n/a Hébergeur:	Re: Image upload php script. At Mon, 11 Jun 2007 11:02:56 +0200, iktorn let h(is\|er) monkeys type: > Schraalhans Keukenmeester wrote: >> You'll have to test for extension first, and then assert what's sent >> actually is what it claims to be. A safe way would be to apply the >> appropriate imagecreatefrom(jpg\|gif\|bmp\|png) etc functions provided by the >> gd library. > > Much better way imho is to use getimagesize > (http://pl2.php.net/manual/en/function.getimagesize.php) > to check if its a valid image file. > > Additionally you can check extension of uploaded file. I haven't been able to test if the getimagesize() function can be fooled easily. If not, it's probably quicker than using imagecreatefromFORMAT() and therefor a better choice indeed. Great suggestion, it's the PHP manual suggested way of checking for valid images I noticed. It doesn't give much explanation though. -- Schraalhans Keukenmeester - schraalhans@the.Spamtrapexample.nl [Remove the lowercase part of Spamtrap to send me a message] "strcmp('apples','oranges') < 0"