Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Simple validation function to confirm that an image is actually an image, not a malicious .gif or .php file.
function validate($upload){ // Must be a $_FILES array
if($upload['size'] == 0) return "Image not uploaded correctly.";
if($upload['size'] > 2097152){ // Measured in bytes, this is equal to 2MB
$filesize = $upload['size']/1048576; // Converts from bytes to Megabytes
return "The image you uploaded has a filesize that is too large. Please reduce your image to < 2MB. It is currently ".$filesize."MB.";
if(($upload['type'] != "image/gif" || "image/jpeg" || "image/png") || ($this->imageinfo['mime'] != "image/gif" || "image/jpeg" || "image/png"))
return "Uploads of that file type are not allowed. You need a jpg, png, or gif image.";
$blacklist = array(".php", ".phtml", ".php3", ".php4", ".ph3", ".ph4");
foreach ($blacklist as $item) {
if(preg_match("/$item\$/i", $upload['name']))
return "Uploads with that file extension are not allowed. You need an image ending in .jpg, .png, or .gif";
return true; // Validates
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment