Home/ Questions/Q 954317
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T00:11:48+00:00

I’ve been building an event promotion site in PHP and MySQL for the past

  • 0

I’ve been building an event promotion site in PHP and MySQL for the past couple of months where anyone can sign up and add their local event’s details along with a poster, which I resize.

As it stands, I’ve got the whole process working fine locally and on a hosting service, but before the site goes live I have a couple of questions on the way I’m doing it.

This is the function code I’m using to handle the image uploads. I check for filesize before this section. 

$extension = substr($filename, strpos($filename,'.'), strlen($filename)-1); 
$filetypes = array('.jpg', '.jpeg', '.gif', '.bmp', '.png', '.JPG', '.PNG', '.JPEG', '.GIF', '.BMP');
if($_FILES['image']['error'] == 4){
  $error = "No image";
  return $error; 
}
else if(($_FILES['image']['error'] == 2) || ($_FILES['image']['error'] == 1)){
  $error = "File size too big";
  return $error;
}
else if(!in_array($extension, $filetypes)){
  $error = "This isn't an image that is supported";
  return $error;
}
else if(($_FILES['image']['error'] == 7) || ($_FILES['image']['error'] == 3)){
  $error = "Error occurred. Try again";
  return $error;
}
else{
  if(($extension == '.jpg') || ($extension == '.jpeg')){
    $source = imagecreatefromjpeg($uploaded);
  }
  else if($extension == '.png'){
    $source = imagecreatefrompng($uploaded);
  }
  else{
    $source = imagecreatefromgif($uploaded);
  }
  list($width, $height) = getimagesize($uploaded);
  $ratio = $width / $height;
  $new_width = 300;
  $new_height = round(300 / $ratio); 
  $canvas = imagecreatetruecolor($new_width, $new_height);
  imagecopyresampled($canvas, $source, 0, 0, 0, 0, $new_width, $new_height, $width,       $height);
  $name = date("dmyHis").rand(0, 9);
  $path = $_SERVER[ 'DOCUMENT_ROOT' ] . '/images/uploaded/'.$name.'.jpg';
  $new_image = imagejpeg($canvas, $path,  100);
  $poster['name'] = $name.'.jpg';
  $poster['width'] = $new_width;
  $poster['height'] = $new_height;
  return $name.'.jpg';
}

As it stands, there are a couple of bugs that I know about, or haven’t fully looked into, such as some images throwing an error from imagecreatefromwhatever, and if the image name has a ‘.’ in it, it’ll also throw an error.

Once the process is done, I’ll save the image name into a ‘poster’ field in MySQL, which will be used to get the correct image from the folder when being viewed.

What I really wanted to know is if there’s any other problems I’m likely to face with image uploads?

  • I’m expecting a fair amount of traffic, so is this code going to run alright with heavy usage?
  • Are there any other pitfalls or things I should be looking out for?
  • Am I using the best method for the job?
  • My filesize limit at the moment is 2MB, is this too high?
  • Even if a user uploads something over 2MB, the script will still run, and I assume the file will be uploaded to the server for name stripping and filesize comparison etc., how will this affect my bandwidth usage?
  • How long do original files stay on the server?

If anyone has any good reading on the subject I would much appreciate it!

Thank you.

edit: Formatting.

edit 2: I didn’t make myself clear about the original files. What I mean is the original files that I use the $_FILES variable to access. Say it’s 1.9MB, will there be 1.9MB’s worth of image sitting on the server the whole time I’m fiddling with the extensions and that? Should I clear this once I’ve created a new image?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The extension as sent by the user in the filename can’t be trusted or relied upon. Some users think changing ‘jpg’ to ‘gif’ makes it a gif, etc.

    I suggest using getimagesize FIRST to check if it’s a valid image and to get the exif type. DOn’t worry about extracting the extension, since it’s useless. The exif type will be in 2 of the array returned by getimagesize.

    Also, CYMK images are a problem. Some people manage to upload CYMK jpegs. Checking channels will detect these images. It should be 3, RGB.

    $image_info=getimagesize($your_image_file);
if($image_info['channels']==4)
  {
  //it's invalid - cymk
  //browsers cannot display these images. It might be possible to convert them to RGB explicitly...
  }

$real_exif=$image_info[2];
if($real_exif>0 && $real_exif<4){
 //it is a png, gif or jpg
 }

    The exif type is returned as a constant like IMAGETYPE_GIF, where numerically, 1 is gif, 2 is jpg, and 3 is png. You can use image_type_to_extension to convert to a text file extension.

    Now, sometimes I found getimagesize failed to find exif type for images that were valid, and could be worked on with imagemagick/GD. It was failing to return an EXIF for these, so they were incorrectly rejected. I came up with this vile hack to at least detect the type and give them a try…

      $handle=@fopen($temp_name,'r');
  if($handle)
    {
    $chars=fread($handle,24);
    if(stripos($chars,'jfif')!==false)
        {$type=2;} // found a jpg
    elseif(stripos($chars,'png')!==false)
      {$type=3;} // found a png
    elseif(stripos($chars,'gif')!==false)
      {$type=1;} // found a gif
    else
      {
      //file type could not be determined
      }
    }
    • 0