|
|
Posted by J.O. Aho on 09/28/86 11:43
powerx wrote:
> Hi All,
>
> Wonder if you could help me out at all?
> Been learning PHP (with MySQL) and have put together an admin style script
> for my website. As part of the script, I want users to be able to upload
> images (Jpegs) to a max pixel size and file size. I've also been learning
> about the security side of things, which is where I'm coming unstuck.
>
> I understand that I need to check that the uploaded file is actually a Jpeg
> and not rely on the fact that it should be.
> Question is, how do I do this and should I check the file before I move it
> from the $_FILES to the location on my webspace or afterwards.
>
> Any hints, links or code snippets would be appreciated.
> I want to only accept genuine jpegs within the constraints and send an error
> message for all other occurrances.
You need to examine the beginning of the jpeg file and see if the uploaded
file has the data that declares the jpeg version, from the 7th byte you get
the string JFIF for one of the jpeg standards, as there are quite many
different versions you have to check the file for each standard.
I would guess you can find more about the standards at www.jpeg.org
//Aho
Navigation:
[Reply to this message]
|