Validating an avatar image with PHP


I have a column named photo in a MySQL database, of type mediumblob, which may be NULL.

It is meant to hold a small photo of the employee that is shown in the top-right corner of the web application.

New employees are inserted into the MySQL database through a form:

<form action="insert" method="post" enctype="multipart/form-data">
   ...
   <label for="photo">Photo</label>
   <input type="file" name="photo">
   ...
</form>
For point 1
Point 2 is completely incomplete (insecure):
For example, add an extension check:
More security tips for point 2:
Points 3 and 4 can be done with
getimagesize()
filesize()

For condition 3 you can use:

$filesize = filesize($filename);

You get the size of the file in bytes.


For condition 4 you can use:

list($width, $height) = getimagesize($_FILES['photo']['tmp_name']);

where $width and $height are the dimensions of the image.

Your code is OK; just add the following lines to satisfy all the requirements:

$image="";
if (isset($_FILES["photo"]) && $_FILES["photo"]["error"] < 1){ // 0 == UPLOAD_ERR_OK
    $file = $_FILES['photo']['tmp_name'];
    $imageInfo = getimagesize($file); // false if the file is not a parseable image
    if(is_array($imageInfo)){
         if($imageInfo[0]>30 && $imageInfo[0]<257 && $imageInfo[1]>30 && $imageInfo[1]<257){
           //$imageInfo[0] is width and $imageInfo[1] is height, you can set the limit according to your need. I set it to MIN: 31*31 AND MAX 256*256
           // if you want a square image then add " && $imageInfo[0]==$imageInfo[1]" to the above if-clause

              $imageSize=filesize($file); //returns bytes as an integer
              if($imageSize> 250 && $imageSize<20481) // image size should be less than 20kb
                  $image = addslashes(file_get_contents($file));
              else echo "Image file should not be greater than 20 KB.";
         }
         else echo "Image dimensions (width*height) should be 31*31 to 256*256.";
    }
    else echo "Wrong file. Upload an image file.";
}
else echo "No file uploaded or error in uploaded file.";

if(trim($image)==""){
   //display form again
}
Here are some useful tips packed into code:

$upload_error = isset( $_FILES['photo']['error'] ) ? $_FILES['photo']['error'] : UPLOAD_ERR_NO_FILE;
if ($upload_error == UPLOAD_ERR_NO_FILE) {
    // 1) No file uploaded
    $image = null; // I changed the empty string into a null, to avoid the mediumblob allocating space for the empty string
} elseif ($upload_error) {
    // 5) You forgot to check if the file upload failed
    switch ($upload_error) {
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE:
            $message = "file_too_big";
            break;
        case UPLOAD_ERR_PARTIAL:
            $message = "upload_not_complete";
            break;
        case UPLOAD_ERR_EXTENSION:
            $message = "bad_file_extension";
            break;
        case UPLOAD_ERR_NO_TMP_DIR:
        case UPLOAD_ERR_CANT_WRITE:
            $message = "internal_upload_error";
            break;
        default:
            $message = "unknown_upload_error";
            break;
    } 
    header("Location: form.php?error=$message"); // Load form again and show error
    exit;
} else {
    $file = $_FILES['photo']['tmp_name'];
    $file_size = $_FILES['photo']['size'];
    if ($file_size > 5242880) { // 5 Megabyte for example, but always less than 16 Megabytes, because you use mediumblob
        // 3) The image size is not suitable for this purpose
        header("Location: form.php?error=file_too_big"); // Load form again and show error
        exit;
    }
    $image_size = getimagesize($file);
    if ($image_size) {
        $width = $image_size[0];
        $height = $image_size[1];
        if ($width < 100 || $width > 1000 || $height < 100 || $height > 1000) {
            // 4) Image dimensions are not suitable. Width/height are not between 100 and 1000 pixels
            header("Location: form.php?error=dimensions_not_ok"); // Load form again and show error
            exit;
        }
    } else {
        // 2) Not an image type
        header("Location: form.php?error=not_an_image"); // Load form again and show error
        exit;
    }
    $image = file_get_contents($file);
}
// now escape $image and save it to the database
// But I suggest you not use addslashes() to escape binary data
// Use parameterized queries / mysqli_real_escape_string() / mysql_real_escape_string() instead
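As an added example that is not part of any answer on this page, the checks from the answers above (upload error code, byte size, real image type via getimagesize(), dimensions) are combined into one function, and the result is stored through a PDO prepared statement instead of addslashes(), as the previous answer recommends. The employees table, the photo and id columns, the size limits and the PDO handle are assumptions.

```php
<?php
// Added example; table/column names, size limits and the PDO handle are assumptions.
const AVATAR_MAX_BYTES = 5242880;  // 5 MB, well inside the 16 MB of a mediumblob
const AVATAR_MIN_PX    = 31;
const AVATAR_MAX_PX    = 256;
const AVATAR_MIMES     = ['image/jpeg', 'image/png', 'image/gif'];

/** Returns the validated image bytes, or throws RuntimeException with an error key. */
function validate_avatar(array $upload): string
{
    $err = $upload['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($err === UPLOAD_ERR_INI_SIZE || $err === UPLOAD_ERR_FORM_SIZE) {
        throw new RuntimeException('file_too_big');
    }
    if ($err !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload_failed');   // NO_FILE, PARTIAL, CANT_WRITE, ...
    }
    $tmp = $upload['tmp_name'];
    if (!is_uploaded_file($tmp)) {   // accept only the path PHP created for this upload
        throw new RuntimeException('upload_failed');
    }
    if (filesize($tmp) > AVATAR_MAX_BYTES) {
        throw new RuntimeException('file_too_big');
    }
    // Decide the type from the image header, never from the client-supplied
    // $upload['type'] or the file name extension: both are chosen by the sender.
    $info = @getimagesize($tmp);
    if ($info === false || !in_array($info['mime'], AVATAR_MIMES, true)) {
        throw new RuntimeException('not_an_image');
    }
    [$width, $height] = $info;
    if ($width < AVATAR_MIN_PX || $width > AVATAR_MAX_PX
        || $height < AVATAR_MIN_PX || $height > AVATAR_MAX_PX) {
        throw new RuntimeException('dimensions_not_ok');
    }
    return file_get_contents($tmp);
}

/** Binds the blob as a parameter, so the binary data is never escaped by hand. */
function save_avatar(PDO $db, int $employeeId, ?string $photo): void
{
    $stmt = $db->prepare('UPDATE employees SET photo = :photo WHERE id = :id');
    $stmt->bindValue(':photo', $photo, $photo === null ? PDO::PARAM_NULL : PDO::PARAM_LOB);
    $stmt->bindValue(':id', $employeeId, PDO::PARAM_INT);
    $stmt->execute();
}
```

In insert.php, call validate_avatar($_FILES['photo']) inside a try block, map an UPLOAD_ERR_NO_FILE upload to NULL before save_avatar(), and on RuntimeException redirect back to form.php with the error key, as the previous answer does with header().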