|
|
Posted by Kenoli on 06/11/07 16:24
This link says a bit more about this function:
http://www.phpfreaks.com/phpmanual/page/function.getimagesize.html
This seems to be the key (from that page):
"If accessing the filename image is impossible, or if it isn't a valid
picture, getimagesize() will return FALSE and generate an error of
level E_WARNING."
--Kenoli
On Jun 11, 8:46 am, Schraalhans Keukenmeester
<Schraalh...@the.spamtrapexample.nl> wrote:
> At Mon, 11 Jun 2007 11:02:56 +0200, iktorn let h(is|er) monkeys type:
>
> > Schraalhans Keukenmeester wrote:
> >> You'll have to test for extension first, and then assert what's sent
> >> actually is what it claims to be. A safe way would be to apply the
> >> appropriate imagecreatefrom(jpg|gif|bmp|png) etc functions provided by the
> >> gd library.
>
> > Much better way imho is to use getimagesize
> > (http://pl2.php.net/manual/en/function.getimagesize.php)
> > to check if its a valid image file.
>
> > Additionally you can check extension of uploaded file.
>
> I haven't been able to test if the getimagesize() function can be fooled
> easily. If not, it's probably quicker than using imagecreatefromFORMAT()
> and therefor a better choice indeed. Great suggestion, it's the PHP manual
> suggested way of checking for valid images I noticed. It doesn't give much
> explanation though.
>
> --
> Schraalhans Keukenmeester - schraalh...@the.Spamtrapexample.nl
> [Remove the lowercase part of Spamtrap to send me a message]
>
> "strcmp('apples','oranges') < 0"
Navigation:
[Reply to this message]
|