How to validate if uploaded file is an image? [file sent via HTML5's File API, received via php://input]

Question

I'm working with the HTML5's File API (tutorial here) and I need to validate whether a file is an image or not. The main issue is that with a normal upload, I could call getimagesize() and as the parameter, the path to the temporary file -- and then decide to store it on the server or not.

However, with the File Upload API, the files are received with php://input, which returns the actual bits of the transfer.

What's the best way to validate in this situation? Do I have to store the bits to a physical location and then validate it and delete it afterwards or is it a better way?

Thanks.

score 1 · Accepted Answer · answered Apr 24 '11 at 00:01

If it's an image will you store it on disk? If yes, then I'd say the best way would be to create a temporary file, write the data and then check if it's an image with the regular functions, if it is move the temporary file to the final destination, otherwise just delete it.

If for some reason you don't want to do this you can check for magic numbers in the incoming data (here is a more complete list). However bare in mind that this is more likely to fail than the usual solutions.

Yeah, I guess that would be the only way. I don't think the magic numbers would be a good, safe solution. Thanks. — metrobalderas, Apr 24 '11 at 20:02

How to validate if uploaded file is an image? [file sent via HTML5's File API, received via php://input]

1 Answers1

Linked