blocks|key|618547|text|切勿使用$_FILES..['type']。它包含的信息根本没有被验证，它是一个用户定义的值。自己测试这个类型。对于图像，exif_imagetype通常是一个很好的选择：|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|618548|$allowedTypes+=+array(IMAGETYPE_PNG,+IMAGETYPE_JPEG,+IMAGETYPE_GIF);
$detectedType+=+exif_imagetype($_FILES['fupload']['tmp_name']);
$error+=+!in_array($detectedType,+$allowedTypes);|code-block|syntax|javascript|618549|或者，如果您的服务器支持finfo+functions，那么它们是很好的。|618550|entityMap|0|LINK|mutability|MUTABLE|url|http://php.net/manual/en/function.exif-imagetype.php|1|http://php.net/manual/en/ref.fileinfo.php^0|4|H|1P|E|1P|E|0|0|0|C|5|C|F|1|0^^$0|@$1|2|3|4|5|6|7|W|8|@$9|X|A|Y|B|C]|$9|Z|A|10|B|C]]|D|@$9|11|A|12|1|13]]|E|$]]|$1|F|3|G|5|H|7|14|8|@]|D|@]|E|$I|J]]|$1|K|3|L|5|6|7|15|8|@$9|16|A|17|B|C]]|D|@$9|18|A|19|1|1A]]|E|$]]|$1|M|3|-4|5|6|7|1B|8|@]|D|@]|E|$]]]|N|$O|$5|P|Q|R|E|$S|T]]|U|$5|P|Q|R|E|$S|V]]]]

Never use <code>$_FILES..['type']</code>. The information contained in it is not verified at all, it's a user-defined value. Test the type yourself. For images, <a href="http://php.net/manual/en/function.exif-imagetype.php" rel="noreferrer"><code>exif_imagetype</code></a> is usually a good choice:

<pre><code>$allowedTypes = array(IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_GIF);
$detectedType = exif_imagetype($_FILES['fupload']['tmp_name']);
$error = !in_array($detectedType, $allowedTypes);
</code></pre>

Alternatively, the <a href="http://php.net/manual/en/ref.fileinfo.php" rel="noreferrer"><code>finfo</code> functions</a> are great, if your server supports them.

blocks|key|618653|text|除了@deceze之外，您还可以使用finfo()检查非镜像文件的MIME类型：|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|618654|$finfo+=+new+finfo();
$fileMimeType+=+$finfo->file($path+.+$filename,+FILEINFO_MIME_TYPE);|code-block|syntax|javascript|618655|entityMap|0|LINK|mutability|MUTABLE|url|http://php.net/manual/en/book.fileinfo.php^0|I|7|0|0|0^^$0|@$1|2|3|4|5|6|7|Q|8|@]|9|@$A|R|B|S|1|T]]|C|$]]|$1|D|3|E|5|F|7|U|8|@]|9|@]|C|$G|H]]|$1|I|3|-4|5|6|7|V|8|@]|9|@]|C|$]]]|J|$K|$5|L|M|N|C|$O|P]]]]

In addition to @deceze, you may also <a href="http://php.net/manual/en/book.fileinfo.php" rel="noreferrer">finfo()</a> to check the MIME-type of non-image-files:

<pre><code>$finfo = new finfo();
$fileMimeType = $finfo-&gt;file($path . $filename, FILEINFO_MIME_TYPE);
</code></pre>

blocks|key|834349|text|当然你可以用exif检查它是否是一个图像，但我认为更好的方法是用这样的finfo：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|834350|$allowed_types+=+array+(+'application/pdf',+'image/jpeg',+'image/png'+);
$fileInfo+=+finfo_open(FILEINFO_MIME_TYPE);
$detected_type+=+finfo_file(+$fileInfo,+$_FILES['datei']['tmp_name']+);
if+(+!in_array($detected_type,+$allowed_types)+)+{
++++die+(+'Please+upload+a+pdf+or+an+image+'+);
}
finfo_close(+$fileInfo+);|code-block|syntax|javascript|834351|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|I|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|J|8|@]|9|@]|A|$E|F]]|$1|G|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|H|$]]

Sure you could check if it's an image with exif, but a better way I think is to do with finfo like this:

<pre><code>$allowed_types = array ( 'application/pdf', 'image/jpeg', 'image/png' );
$fileInfo = finfo_open(FILEINFO_MIME_TYPE);
$detected_type = finfo_file( $fileInfo, $_FILES['datei']['tmp_name'] );
if ( !in_array($detected_type, $allowed_types) ) {
 die ( 'Please upload a pdf or an image ' );
}
finfo_close( $fileInfo );
</code></pre>

blocks|key|618830|text|在我看来，最好的方法是先使用getimagesize()，然后使用imagecreatefromstring()。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|618831|++++$size+=+getimagesize($filename);
++++if+($size+===+false)+{
++++++++throw+new+Exception("{$filename}:+Invalid+image.");
++++}
++++if+($size[0]+>+2500+%7C%7C+$size[1]+>+2500)+{
++++++++throw+new+Exception("{$filename}:+Image+too+large.");
++++}

++++if+(!$img+=+@imagecreatefromstring(file_get_contents($filename)))+{
++++++++throw+new+Exception("{$filename}:+Invalid+image+content.");
++++}|code-block|syntax|javascript|618832|通过getimagesize()检查可以防止一些DoS攻击，因为我们不必尝试从用户提供的每个文件进行imagecreatefromstring()，无论是非图像文件还是太大的文件。不幸的是，根据PHP+docs不能依赖于检查图像类型的内容。|style|CODE|618833|最后，imagecreatefromstring()尝试将文件作为图像打开--如果打开成功--我们就有了图像。|618834|entityMap|0|LINK|mutability|MUTABLE|url|http://php.net/manual/en/function.getimagesize.php|1|http://php.net/manual/en/function.imagecreatefromstring.php|2|http://php.net/manual/en/function.getimagesize.php#refsect1-function.getimagesize-description^0|E|E|0|X|N|1|0|0|2|E|1E|N|2P|8|2|0|3|N|0^^$0|@$1|2|3|4|5|6|7|10|8|@]|9|@$A|11|B|12|1|13]|$A|14|B|15|1|16]]|C|$]]|$1|D|3|E|5|F|7|17|8|@]|9|@]|C|$G|H]]|$1|I|3|J|5|6|7|18|8|@$A|19|B|1A|K|L]|$A|1B|B|1C|K|L]]|9|@$A|1D|B|1E|1|1F]]|C|$]]|$1|M|3|N|5|6|7|1G|8|@$A|1H|B|1I|K|L]]|9|@]|C|$]]|$1|O|3|-4|5|6|7|1J|8|@]|9|@]|C|$]]]|P|$Q|$5|R|S|T|C|$U|V]]|W|$5|R|S|T|C|$U|X]]|Y|$5|R|S|T|C|$U|Z]]]]

The best way in my opinion is first to use <a href="http://php.net/manual/en/function.getimagesize.php" rel="nofollow noreferrer">getimagesize()</a> followed by <a href="http://php.net/manual/en/function.imagecreatefromstring.php" rel="nofollow noreferrer">imagecreatefromstring()</a>.

<pre><code> $size = getimagesize($filename);
 if ($size === false) {
 throw new Exception("{$filename}: Invalid image.");
 }
 if ($size[0] &gt; 2500 || $size[1] &gt; 2500) {
 throw new Exception("{$filename}: Image too large.");
 }

 if (!$img = @imagecreatefromstring(file_get_contents($filename))) {
 throw new Exception("{$filename}: Invalid image content.");
 }
</code></pre>

Checking by <code>getimagesize()</code> prevents some DoS attacks, because we don't have to try to <code>imagecreatefromstring()</code> from every file provided by the user, either non-image file or file too big. Unfortunately, according to <a href="http://php.net/manual/en/function.getimagesize.php#refsect1-function.getimagesize-description" rel="nofollow noreferrer">PHP docs</a> cannot be relied on for checking image type content.

The <code>imagecreatefromstring()</code> finally tries to open the file as an image - if is succeeds - we have an image.

blocks|key|618916|text|这是一个我经常使用的简单的一行脚本。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|618917|$image+=+"/var/www/Core/temp/image.jpg";
$isImage+=+explode("/",+mime_content_type())[0]+==+"image";|code-block|syntax|javascript|618918|基本上，我使用mime_content_type()来获取类似于"image/jpg“的内容，然后通过"/”将其分解，并检查数组的第一个元素，看看它是否表示"image“。|618919|我希望它能起作用！|618920|entityMap^0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|M|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|N|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|O|8|@]|9|@]|A|$]]|$1|I|3|J|5|6|7|P|8|@]|9|@]|A|$]]|$1|K|3|-4|5|6|7|Q|8|@]|9|@]|A|$]]]|L|$]]

This is a simple, one line script that I use often.

<pre><code>$image = "/var/www/Core/temp/image.jpg";
$isImage = explode("/", mime_content_type())[0] == "image";
</code></pre>

Basically I am using mime_content_type() to get something like "image/jpg" and then exploding it by "/" and checking against the first element of the array to see if it says "image".

I hope it works!

blocks|key|834296|text|在PHP5.5中，我使用这个函数来获取文件类型，并检查图像：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|834297|function+getFileType(+$file+)+{
++++return+image_type_to_mime_type(+exif_imagetype(+$file+)+);
}

//+Get+file+type
$file_type+=+getFileType(+'path/to/images/test.png'+);
echo+$file_type;
//+Prints+image/png
//+1.+All+images+have+mime+type+starting+with+"image"
//+2.+No+other+non-image+mime+types+contain+string+"image"+in+it+|code-block|syntax|javascript|834298|然后你可以这样做：|834299|if+(+strpos(+$filetype,+'image'+)+!==+false+)+{
++++//+This+is+an+image+
}|834300|完整的mime类型列表：http://www.sitepoint.com/web-foundations/mime-types-complete-list/|offset|length|834301|entityMap|0|LINK|mutability|MUTABLE|url|http://www.sitepoint.com/web-foundations/mime-types-complete-list/^0|0|0|0|0|C|1U|0|0^^$0|@$1|2|3|4|5|6|7|W|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|X|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|Y|8|@]|9|@]|A|$]]|$1|I|3|J|5|D|7|Z|8|@]|9|@]|A|$E|F]]|$1|K|3|L|5|6|7|10|8|@]|9|@$M|11|N|12|1|13]]|A|$]]|$1|O|3|-4|5|6|7|14|8|@]|9|@]|A|$]]]|P|$Q|$5|R|S|T|A|$U|V]]]]

In PHP 5.5 I use this function for getting file type and check if image:

<pre><code>function getFileType( $file ) {
 return image_type_to_mime_type( exif_imagetype( $file ) );
}

// Get file type
$file_type = getFileType( 'path/to/images/test.png' );
echo $file_type;
// Prints image/png
// 1. All images have mime type starting with "image"
// 2. No other non-image mime types contain string "image" in it 
</code></pre>

Then you could do:

<pre><code>if ( strpos( $filetype, 'image' ) !== false ) {
 // This is an image 
}
</code></pre>

Complete list of mime types: <a href="http://www.sitepoint.com/web-foundations/mime-types-complete-list/" rel="nofollow">http://www.sitepoint.com/web-foundations/mime-types-complete-list/</a>

blocks|key|834522|text|最后一行很接近。您可以使用：if+(mime_content_type($_FILES['fupload']['tmp_name'])+==+"image/gif"){...|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|834523|在我目前工作的例子中，我的$_FILES..['type']报告自己为“文本/csv”，而mime_content_type()和finfo()+(由其他人建议)报告为“文本/纯文本”。正如@deceze指出的那样，$_FILES..['type']只有在知道客户端认为文件是什么类型时才有用。|834524|entityMap^0|E|21|0|D|H|19|J|1T|7|30|H|0^^$0|@$1|2|3|4|5|6|7|J|8|@$9|K|A|L|B|C]]|D|@]|E|$]]|$1|F|3|G|5|6|7|M|8|@$9|N|A|O|B|C]|$9|P|A|Q|B|C]|$9|R|A|S|B|C]|$9|T|A|U|B|C]]|D|@]|E|$]]|$1|H|3|-4|5|6|7|V|8|@]|D|@]|E|$]]]|I|$]]

That last line is close. You can use:
<code>if (mime_content_type($_FILES['fupload']['tmp_name']) == "image/gif"){...</code>

In the case I'm currently working on, my <code>$_FILES..['type']</code> reports itself as "text/csv", while both <code>mime_content_type()</code> and <code>finfo()</code> (suggested by others) report "text/plain.". As @deceze points out, <code>$_FILES..['type']</code> is only useful to know what type a client thinks a file is.

blocks|key|618976|text|你可以试试这个|type|unstyled|depth|inlineStyleRanges|entityRanges|data|618977|$file_extension+=+explode('.',$file['name']);
$file_extension+=+strtolower(end($file_extension));
$accepted_formate+=+array('jpeg','jpg','png');
if(in_array($file_extension,$accepted_formate))+{+++++++++++
++echo+"This+is+jpeg/jpg/png+file";
}+else+{
++echo+$file_extension.'+This+is+file+not+allowed+!!';
}|code-block|syntax|javascript|618978|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|I|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|J|8|@]|9|@]|A|$E|F]]|$1|G|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|H|$]]

you can try this

<pre><code>$file_extension = explode('.',$file['name']);
$file_extension = strtolower(end($file_extension));
$accepted_formate = array('jpeg','jpg','png');
if(in_array($file_extension,$accepted_formate)) { 
 echo "This is jpeg/jpg/png file";
} else {
 echo $file_extension.' This is file not allowed !!';
}
</code></pre>

I used this code to check for the type of images,

<pre><code>$f_type=$_FILES['fupload']['type'];

if ($f_type== "image/gif" OR $f_type== "image/png" OR $f_type== "image/jpeg" OR $f_type== "image/JPEG" OR $f_type== "image/PNG" OR $f_type== "image/GIF")
{
 $error=False;
}
else
{
 $error=True;
}
</code></pre>

but some users complain they get an error while uploading any type of images, while some others don't get any errors!

I was wondering if this fixes the problem:

<code>if (mime_content_type($_FILES['fupload']['type']) == "image/gif"){...</code>

Any comments?

How to check uploaded file type in PHP

服务器

我用这段代码来检查图像的类型，$f_type=$_FILES['fupload']['type'];if ($f_type== "image/gif" OR $f_type== "image/png" OR $f_type== "image/jpeg" OR $f_type== "image/JPEG" OR $f_type== "image/PNG" OR $f_type== "image/GI

问如何在PHP中检查上传的文件类型
EN

回答 8

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问如何在PHP中检查上传的文件类型EN

回答 8

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问如何在PHP中检查上传的文件类型
EN