在php中上传文件之前检查图片文件的类型和大小 [英] Check picture file type and size before file upload in php
问题描述
我有以下代码:
$filecheck = basename($_FILES['imagefile']['name']);
$ext = substr($filecheck, strrpos($filecheck, '.') + 1);
if (($ext == "jpg" || $ext == "gif" || $ext == "png") && ($_FILES["imagefile"]["type"] == "image/jpeg" || $_FILES["imagefile"]["type"] == "image/gif" || $_FILES["imagefile"]["type"] == "image/png") &&
($_FILES["imagefile"]["size"] < 2120000)){
} else {
echo "F2";
die();
}
我需要做的是检查上传的文件是否为jpg/gif/png且其大小小于2兆.
What i need to do is check if the uploaded file is a jpg/gif/png and that its less than 2 megs in size.
如果它大于2兆,或者不是正确的文件类型,我需要返回/回显F2(api的错误代码).
If its larger than 2 megs, or not the right file type, i need to return/echo F2 (error code for api).
当我使用上面的代码处理70k jpg文件时,它返回F2.
When i use the code above to process a 70k jpg file, it returns F2.
SUBNOTE 我上传的图片的扩展名为.JPG.案件可能是一个因素吗?如果是这样,我该如何容纳?
SUBNOTE the picture im uploading has an extension of .JPG. Could case be a factor? If so, how do i accommodate for that?
推荐答案
请注意,您可能不想依靠文件扩展名来确定文件类型.例如,某人上传具有.png
扩展名的可执行文件会非常容易.恶意客户端也很容易伪造mime类型,以将其作为图像传递. 依赖该信息会带来安全风险.
Note that you might not want to rely on file extensions to determine file type. It would be rather easy for someone to upload an executable file with a .png
extension for example. A mime-type can also easily be forged by a malicious client to pass as an image. Relying on that information is a security risk.
> PHP文档:
文件的MIME类型(如果浏览器提供了此信息).一个例子是"image/gif".但是,不会在PHP端检查此mime类型,因此不要认为它的值是理所当然的.
PHP Documentation:
The mime type of the file, if the browser provided this information. An example would be "image/gif". This mime type is however not checked on the PHP side and therefore don't take its value for granted.
尝试使用gd
( getimagesize()
)加载图像,以确保它们实际上是有效的图像(不仅是随机文件以图像文件的标题为开头... finfo_file
依赖于这些标题).
Try loading the images with gd
(getimagesize()
) to make sure they are actually valid images (and not just random files pretended with the header of an image file... finfo_file
relies on those headers).
if($_FILES["imagefile"]["size"] >= 2120000) {
echo "F2";
die();
} else {
$imageData = @getimagesize($_FILES["imagefile"]["tmp_name"]);
if($imageData === FALSE || !($imageData[2] == IMAGETYPE_GIF || $imageData[2] == IMAGETYPE_JPEG || $imageData[2] == IMAGETYPE_PNG)) {
echo "F2";
die();
}
}
如果您确实必须使用扩展名来验证文件是否为图像,请使用 strtolower()
进行放置扩展名转换为小写.
If you really must use the extension to verify if the file is an image, use strtolower()
to put the extension into lowercase.
$filecheck = basename($_FILES['imagefile']['name']);
$ext = strtolower(substr($filecheck, strrpos($filecheck, '.') + 1));
if (!(($ext == "jpg" || $ext == "gif" || $ext == "png") && ($_FILES["imagefile"]["type"] == "image/jpeg" || $_FILES["imagefile"]["type"] == "image/gif" || $_FILES["imagefile"]["type"] == "image/png") &&
($_FILES["imagefile"]["size"] < 2120000))){
echo "F2";
die();
}
这篇关于在php中上传文件之前检查图片文件的类型和大小的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!