File upload check
Allows user to upload multiple images Now my problem is how to find its image only or does it contain some hacking code
Do I need to make a validator or how can I find
Because there are many ways to hack image upload
How can I prevent or protect my site from being hacked in the file upload process, I allow the "accept" attribute to enter the file
<input type="file" accept="image/*"></label></p>
Will it protect
Can anyone help me to do client side and server side validation
No, it is not safe.
Instead, use a PHP server-side function exif_imagetype()
to check if it is an image. See the code below:
$allowedTypes = array(IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_GIF);
$detectedType = exif_imagetype($_FILES['fupload']['tmp_name']);
$error = !in_array($detectedType, $allowedTypes);
Find more details here: Validate an uploaded file with PHP . Alternatively, you can use getimagesize()
.
source to share
try this simple client side validation
<script type="text/javascript">
var _validFileExtensions = [".jpg", ".jpeg", ".bmp", ".gif", ".png"];
function Validate(oForm) {
var arrInputs = oForm.getElementsByTagName("input");
for (var i = 0; i < arrInputs.length; i++) {
var oInput = arrInputs[i];
if (oInput.type == "file") {
var sFileName = oInput.value;
if (sFileName.length > 0) {
var blnValid = false;
for (var j = 0; j < _validFileExtensions.length; j++) {
var sCurExtension = _validFileExtensions[j];
if (sFileName.substr(sFileName.length - sCurExtension.length, sCurExtension.length).toLowerCase() == sCurExtension.toLowerCase()) {
blnValid = true;
break;
}
}
if (!blnValid) {
alert("Sorry, " + sFileName + " is invalid, allowed extensions are: " + _validFileExtensions.join(", "));
return false;
}
}
}
}
return true;
}
</script>
The form should look like this:
<form ... onsubmit="return Validate(this);">
and for server side use
if (!in_array($sExt, array('.gif', '.jpg', '.png'))) {
$errors[] = "Image types alowed are (.gif, .jpg, .png) only!";
}
source to share