im writing an script that resize and crops the uploaded images.
all valid files are ok...
but some of my visitors are trying to upload non-valid ones.. for example the file extension is jpg, but in fact its a tiff file .. the uploading file's extension looks gif, but in its exif details writes 'its a jpg'.. etc..
As you can imagine, imagecreatefromXX() functions are all giving error in that case (its not a valid jpg etc)..
do you have any idea, how may i solve this problem?
how must i modify my recent codes?
switch($type) {
case 'gif':
$img = imagecreatefromgif($source);
break;
case 'jpg':
case 'JPEG':
case 'jpeg':
$img = imagecreatefromjpeg($source);
break;
case 'png':
$img = imagecreatefrompng($source);
break;
}
Your best bet would probably be to modify the code that sets $type, rather than the code you've shared (though John Conde's suggestion to have a default case is a good one), and use something like exif_imagetype (which your question suggests might already be in play) to determine the type, rather than trusting the extension (which you may even want to change to the appropriate type when writing the file): the extension is user-supplied data, and as such, the least likely to be accurate and/or useful.
e.g.
$type = exif_imagetype($source);
switch ($type){
case IMAGETYPE_GIF:
$img = imagecreatefromgif($source);
break;
case IMAGETYPE_JPG:
$img = imagecreatefromjpeg($source);
break;
case IMAGETYPE_PNG:
... etc ...
default:
//Fail Gracefully
}
Related
I am using below code for file upload but it do not work in case of doc and excel file
switch(strtolower($ImageType))
{
case 'image/png':
case 'image/gif':
case 'application/pdf':
case 'image/jpeg':
case 'video/avi':
case 'video/mp4':
case 'image/pjpeg':
case 'application/msword':
case 'application/vnd.ms-excel':
break;
default:
die('Unsupported File!'); //output error and exit
}
this code work i case of image but when we upload doc file. it show me unsupported file
You are probably missing additional MIME types. Your MIME types are correct for older .doc and .xls files, but not for newer ones.
For .xlsx files use:
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
For .docx files use:
application/vnd.openxmlformats-officedocument.wordprocessingml.document
This might help you as well:
What is a correct mime type for docx, pptx etc?
What is correct content-type for excel files?
I currently have an image upload input that only accepts PNG, JPG/JPEG, GIF images.
If the file is valid, it then proceeds to create a thumbnail from the image using
imagecreatefrompng()
imagecopy()
imagejpg()
This works fine, but ONLY for png images, obviously.
What is the most logical and efficient way to use "imagecreatefrompng()" except using the proper file format that was submitted? All I can think of is if/else using multiple "imagecreatefrom__()" but that doesn't seem right.
Also, how can my outputted format always be PNG no matter what was submitted instead of the current imagejpg() I have now.
You will have to use a switch and determine the image type like so:
$extension = strtolower(strrchr($file, '.'));
switch ($extension) {
case '.jpg':
case '.jpeg':
$img = #imagecreatefromjpeg($file);
break;
case '.gif':
$img = #imagecreatefromgif($file);
break;
case '.png':
$img = #imagecreatefrompng($file);
break;
default:
$img = false;
break;
}
-EDIT- Didn't see the second part of your question, you just need to save it using imagepng to save it to a PNG, no need to do anything else.
Using imagecreatefromstring( file_get_contents( $filename)) would be the lazy option here.
And if you always want a png output, then just exchanging imagejpg for imagepng would do.
I have an image upload program setup that I made with PHP to allow the public to submit their images. I am having trouble finding a method to make sure the file is actually an image. I'm checking the file type, and also using getimagesize(), amongst other checks but if I rename a text file to become a JPG file my validation allows the file. How can I ensure this is actually an image? I don't want my boss to execute any infected files.
you can use Imagick's identifyImage() command.
if it gives you back image data its an image if it hands back an error or no image data then its not an image. there is a command line version of this tool you can use to: http://www.imagemagick.org/script/identify.php if you do not have php compiled with imagemagick
Check allowed extensions
.gif .jpg .jpeg .png should be allowed
How about to use Exif module's exit-imagetype() function?
http://www.php.net/manual/en/function.exif-imagetype.php
<?php
if (exif_imagetype('image.gif') != IMAGETYPE_GIF) {
echo 'The picture is not a gif';
}
?>
Reproduce the uploaded image using gd. If the image isn't reproduced, it's not an image!
If this function returns false, then it's not a valid image. I haven't worked with any more than jpg, png and gif, so there might be some more image types out there that can fit into this function (bmp?)...
function checkFileType($filetype,$tmp_name)
{
$return_val = false;
switch($filetype){
case 'image/jpg':
case 'image/jpeg':
case 'image/pjpeg':
$return_val = #imagecreatefromjpeg($tmp_name);
break;
case 'image/gif':
$return_val = #imagecreatefromgif($tmp_name);
break;
case 'image/png':
case 'image/x-png':
$return_val = #imagecreatefrompng($tmp_name);
break;
}
return $return_val;
}
Which would be the best way to validate an upload form?
Using the mime type at the moment, but that's not quite working - can't upload mpegs even though am looking for video in the mime type.
Thank you
Tom
This seems to work:
switch (strtolower($_FILES["file"]["type"])){
case "application/msword":
case "application/pdf":
case "application/vnd.ms-excel":
case "application/vnd.ms-powerpoint":
case "application/zip":
case "image/gif":
case "image/jpeg":
case "image/png":
case "image/tiff":
case "text/plain":
case "video/mpeg":
case "video/x-mpeg2":
case "video/msvideo":
case "video/quicktime":
// do it
break;
default:
// don't do it
break;
}
For anyone else this might help have a look at http://www.sfsu.edu/training/mimetype.htm for adding other mime types you might need to check.
I guess you want to check if an uploaded file is a valid video-file. So one thing you can check is the file extension (IE ".mpg" for mpeg video). Because no webframework known to me has an internal video-validation, you have to rely on some external program/library to check if the video file is really a video-file. Maybe FFMPEG is able to do this.
Try something like so:
$mime = strtolower($_FILES["file"]["type"]);
$parts = explode("/",$mime);
switch($parts[0])
{
case 'video':
//Video file, use $parts[1] to check the video subtype
break;
case 'image':
break;
}
I use a script (http://www.webmotionuk.co.uk/php-jquery-image-upload-and-crop-v11/) that handles an image and then create a thumbnail.
Actually I don't want to store images on the file system but I want to store them in a mysql db in a BLOB field.
I could first store the created thumbnail on the fs, store the file in the DB and after i can delete the thumb from FS.
Is there a way to store directly the image on the DB?
This is the function:
function resizeThumbnailImage($thumb_image_name, $image, $width, $height, $start_width, $start_height, $scale){
list($imagewidth, $imageheight, $imageType) = getimagesize($image);
$imageType = image_type_to_mime_type($imageType);
$newImageWidth = ceil($width * $scale);
$newImageHeight = ceil($height * $scale);
$newImage = imagecreatetruecolor($newImageWidth,$newImageHeight);
switch($imageType) {
case "image/gif":
$source=imagecreatefromgif($image);
break;
case "image/pjpeg":
case "image/jpeg":
case "image/jpg":
$source=imagecreatefromjpeg($image);
break;
case "image/png":
case "image/x-png":
$source=imagecreatefrompng($image);
break;
}
imagecopyresampled($newImage,$source,0,0,$start_width,$start_height,$newImageWidth,$newImageHeight,$width,$height);
switch($imageType) {
case "image/gif":
imagegif($newImage,$thumb_image_name);
break;
case "image/pjpeg":
case "image/jpeg":
case "image/jpg":
imagejpeg($newImage,$thumb_image_name,90);
break;
case "image/png":
case "image/x-png":
imagepng($newImage,$thumb_image_name);
break;
}
chmod($thumb_image_name, 0777);
return $thumb_image_name;
}
How to:
Use file_get_contents() on the returned thumbnail, and then write the results to the database blob field.
$image = file_get_contents($thumbnail);
mysql_query("INSERT INTO tblName (fieldName) VALUES ('{$image}')");
But, you may not want to because:
That being said, I would encourage you to really consider what you're doing. Images pulled from the database won't be cached, from my understanding. Additionally, database connections will remain opened for much longer, using more resources. Also, your database size will grow rapidly, making it more laborious to manage migration down the road.
You can store binary data such as an image into a BLOB field in a database. It's as simple as putting the file contents into an INSERT statement. However, I highly suggest you take a look at some of these threads. Storing an image in a database is usually not the best way to go:
User Images: Database or filesystem storage?
Storing images in database: Yea or nay?
Should I store my images in the database or folders?
Would you store binary data in database or folders?
Store pictures as files or or the database for a web app?
Storing a small number of images: blob or fs?
store image in filesystem or database?
As J. Sampson said, it's not a good way to store images, but it is possible. Do as Jonathan said and then get data out of db, something similar to this:
<?php
$query = mysql_query("SELECT * FROM tbl WHERE id = 'blaa';");
$data = mysql_fetch_array($query);
//Then create image with function
imagecreatefromstring($data['imgdata'])
?>