3

I am allowing users to upload multiple images. Now my problem is: how do I find out whether a file is only an image or contains some hack code?

Do I need to make a validator, or how can I find out?

Because there are many methods to hack uploading by image.

How do I prevent or protect my website from being hacked through the file upload process? I use the file input 'accept' attribute:

<input type="file" accept="image/*">

Will this protect it?

Can somebody help me make client-side and server-side validation?

2 Answers

0

No, this is not secure.

Instead, use the server-side PHP function exif_imagetype() to check if it is an image. See the code below:

$allowedTypes = array(IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_GIF);
$detectedType = exif_imagetype($_FILES['fupload']['tmp_name']);
$error = !in_array($detectedType, $allowedTypes);

Find more information here: uploaded file type check by PHP. Alternately, you could use getimagesize().

Community
Georg
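A fuller server-side handler built around the exif_imagetype() check from the answer above, as an added example that is not part of the original answer. The function name storeUploadedImage, the 5 MiB limit and the storage directory are assumptions; the form field name 'fupload' is taken from the answer.

```php
<?php
// Added example: hardened handling of one uploaded image.
// Assumptions: a 5 MiB size cap and a storage directory outside the web root.

const MAX_BYTES = 5 * 1024 * 1024;
const ALLOWED_TYPES = [IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_GIF];

function storeUploadedImage(array $file, string $destDir): string
{
    // 1. PHP itself must report a clean, single-file upload.
    if (!isset($file['error']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or was malformed.');
    }
    // 2. The temp path must really come from an HTTP POST upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file.');
    }
    // 3. Enforce the size limit on the server; $file['size'] is set by PHP.
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('File is empty or too large.');
    }
    // 4. Identify the type from the file's signature, never from
    //    $file['type'] or $file['name'], which the client controls.
    $type = exif_imagetype($file['tmp_name']);
    if ($type === false || !in_array($type, ALLOWED_TYPES, true)) {
        throw new RuntimeException('Only PNG, JPEG and GIF are accepted.');
    }
    // 5. exif_imagetype() inspects only the leading bytes, so also
    //    require that the image header parses.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Image header could not be parsed.');
    }
    // 6. Server-chosen name: random basename plus the extension that
    //    matches the detected type (.png, .jpeg or .gif).
    $name = bin2hex(random_bytes(16)) . image_type_to_extension($type);
    $target = rtrim($destDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store the file.');
    }
    return $name;
}

// Usage (the directory path is a placeholder):
// $stored = storeUploadedImage($_FILES['fupload'], '/path/outside/webroot');
```

For a multi-file input (name="fupload[]"), call the function once per file after regrouping the $_FILES arrays into one array per file.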
0

Try this simple client-side validation:

<script type="text/javascript">
var _validFileExtensions = [".jpg", ".jpeg", ".bmp", ".gif", ".png"];

function Validate(oForm) {
    var arrInputs = oForm.getElementsByTagName("input");
    for (var i = 0; i < arrInputs.length; i++) {
        var oInput = arrInputs[i];
        if (oInput.type == "file") {
            var sFileName = oInput.value;
            if (sFileName.length > 0) {
                var blnValid = false;
                for (var j = 0; j < _validFileExtensions.length; j++) {
                    var sCurExtension = _validFileExtensions[j];
                    if (sFileName.substr(sFileName.length - sCurExtension.length, sCurExtension.length).toLowerCase() == sCurExtension.toLowerCase()) {
                        blnValid = true;
                        break;
                    }
                }

                if (!blnValid) {
                    alert("Sorry, " + sFileName + " is invalid, allowed extensions are: " + _validFileExtensions.join(", "));
                    return false;
                }
            }
        }
    }

    return true;
}
</script>

Form should look like this:

<form ... onsubmit="return Validate(this);">

And for the server side, use:

// $sExt is assumed to hold the uploaded file's extension, including the leading dot
if (!in_array($sExt, array('.gif', '.jpg', '.png'))) {
    $errors[] = "Image types allowed are (.gif, .jpg, .png) only!";
}
sanoj lawrence