How to tell if uploading a file is a picture or is it safe

Source: Internet
Author: User
Tags phpinfo
How to tell if uploading a file is a picture or is it safe
How to tell if uploading a file is a picture or is it safe
------Solution--------------------
Usually through the file name of the original suffix to upload the document when the identification, and then save the corresponding type, as long as the security is not executable files are basically safe, do not know what you want to ask is what security.
------Solution--------------------
$_files["File" ["type"]--you can determine the type of file being uploaded.

As for security, see what your standards are.
------Solution--------------------
Do not believe in any incoming things, or you will swallow the bitter fruit of credulity.
What do you think of this picture?
$im = Imagecreate (a);
$color = Imagecolorallocate ($im, 255, 0, 0);
Imagegif ($im, ' 1.gif ');
$s =<<< TXT
Phpinfo ();
?>
TXT;
File_put_contents (' 1.gif ', $s, file_append);
Print_r (getimagesize (' 1.gif '));
Echo ';
Include ' 1.gif ';

------Solution--------------------
Use Mime_content_type to check the type
http://php.net/manual/zh/function.mime-content-type.php

I usually use ImageMagick to rotate the picture.
------Solution--------------------
Reference:
do not trust any incoming things, or you will swallow the bitter fruit of the swallow.
What do you think of this picture?
$im = Imagecreate (a);
$color = Imagecolorallocate ($im, 255, 0, 0);
Imagegif ($im, ' 1.gif ');
$s =<<< TXT
Phpinfo ();
?>
TXT;
File_put_contents (' 1.gif ', $s, file_append);
Print_r (getimagesize (' 1.gif '));
Echo ';
Include ' 1.gif ';


I tested your code, PHPINFO () executed, but who would go to include a picture?
Such a picture will never be executed, right?
  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.