在php中上传文件之前检查图片文件的类型和大小 [英] Check picture file type and size before file upload in php

问题描述

我有以下代码:

$filecheck = basename($_FILES['imagefile']['name']);
  $ext = substr($filecheck, strrpos($filecheck, '.') + 1);
  if (($ext == "jpg" || $ext == "gif" || $ext == "png") && ($_FILES["imagefile"]["type"] == "image/jpeg" || $_FILES["imagefile"]["type"] == "image/gif" || $_FILES["imagefile"]["type"] == "image/png") && 
    ($_FILES["imagefile"]["size"] < 2120000)){
} else {
echo "F2";
die();
}

我需要做的是检查上传的文件是否为jpg/gif/png且其大小小于2兆.

What i need to do is check if the uploaded file is a jpg/gif/png and that its less than 2 megs in size.

如果它大于2兆，或者不是正确的文件类型，我需要返回/回显F2(api的错误代码).

If its larger than 2 megs, or not the right file type, i need to return/echo F2 (error code for api).

当我使用上面的代码处理70k jpg文件时，它返回F2.

When i use the code above to process a 70k jpg file, it returns F2.

SUBNOTE 我上传的图片的扩展名为.JPG.案件可能是一个因素吗?如果是这样，我该如何容纳?

SUBNOTE the picture im uploading has an extension of .JPG. Could case be a factor? If so, how do i accommodate for that?

推荐答案

请注意，您可能不想依靠文件扩展名来确定文件类型.例如，某人上传具有.png扩展名的可执行文件会非常容易.恶意客户端也很容易伪造mime类型，以将其作为图像传递. 依赖该信息会带来安全风险.

Note that you might not want to rely on file extensions to determine file type. It would be rather easy for someone to upload an executable file with a .png extension for example. A mime-type can also easily be forged by a malicious client to pass as an image. Relying on that information is a security risk.

> PHP文档:
文件的MIME类型(如果浏览器提供了此信息).一个例子是"image/gif".但是，不会在PHP端检查此mime类型，因此不要认为它的值是理所当然的.

PHP Documentation:
The mime type of the file, if the browser provided this information. An example would be "image/gif". This mime type is however not checked on the PHP side and therefore don't take its value for granted.

尝试使用gd( getimagesize() )加载图像，以确保它们实际上是有效的图像(不仅是随机文件以图像文件的标题为开头... finfo_file依赖于这些标题).

Try loading the images with gd (getimagesize()) to make sure they are actually valid images (and not just random files pretended with the header of an image file... finfo_file relies on those headers).

if($_FILES["imagefile"]["size"] >= 2120000) {
  echo "F2";
  die();
} else {
    $imageData = @getimagesize($_FILES["imagefile"]["tmp_name"]);

    if($imageData === FALSE || !($imageData[2] == IMAGETYPE_GIF || $imageData[2] == IMAGETYPE_JPEG || $imageData[2] == IMAGETYPE_PNG)) {
      echo "F2";
      die();
    }
}

---

如果您确实必须使用扩展名来验证文件是否为图像，请使用 strtolower() 进行放置扩展名转换为小写.

---

If you really must use the extension to verify if the file is an image, use strtolower() to put the extension into lowercase.

$filecheck = basename($_FILES['imagefile']['name']);
$ext = strtolower(substr($filecheck, strrpos($filecheck, '.') + 1));

if (!(($ext == "jpg" || $ext == "gif" || $ext == "png") && ($_FILES["imagefile"]["type"] == "image/jpeg" || $_FILES["imagefile"]["type"] == "image/gif" || $_FILES["imagefile"]["type"] == "image/png") && 
    ($_FILES["imagefile"]["size"] < 2120000))){
    echo "F2";
    die();
}

这篇关于在php中上传文件之前检查图片文件的类型和大小的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！