How to safely upload an image to server?


I'm interested in the question of how to upload an image to the server as safely as possible.
I have the following code:


The point is that when an image is selected, I use jQuery to work with it and immediately show a preview of that image as a background:

```javascript
$('#avatarchange').change(function (event) {
    var file = event.target.files[0];
    if (!file) {
        return; // the user cancelled the file dialog; nothing to preview
    }
    // One object URL for the chosen file, reused for the preview below
    var tmppath = URL.createObjectURL(file);
    $('.file-upload span').text('Photo uploaded');
    setTimeout(avatarOk, 3000); // avatarOk is defined elsewhere on the page
    // The original line called URLS.createObjectURL (a typo; URLS is undefined)
    $('.img').attr('style', 'background: url(' + tmppath + ') no-repeat center center / cover;');
});
```


And I would like a POST request to be made at the moment of .change to a PHP script which uploads the image to the server. Please tell me how best and most safely to do this?

3 Answers

On the PHP side, pass the resulting file through the GD library.
If necessary, reduce the quality of the output file, and in passing generate a preview to send back to the client (which also confirms receipt by the server).
Keep in mind that you will have to increase the amount of memory available to a single PHP process.
In my experience, for GD to swallow a 16-megapixel image you need 128 MB of RAM.
Before feeding it to GD, check its size first.
If this is not done and the limit is exceeded while the library is processing, the script silently stops without telling the client anything; this way you can at least produce a message that the file is too large.
Of course, you need to check the MIME type, check the validity of the image (at the very least with a function that inspects it), and do a resize(). All of this can be Googled if you want.
What usually isn't written about is the load on the server when processing images.
I recommend storing the images as-is (limiting only the file size), and if the images are not all uploaded at the same time you can also hang a lock. Process them afterwards in a separate process, asynchronously (for example via cron or a queue manager).
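The two answers above together describe one design: accept the raw file cheaply, then let a background job do the GD work with a lock and a memory budget. This is an added example of such a worker, not code from the thread: it assumes an intake script has already written raw uploads into SPOOL_DIR, is run from cron, takes a non-blocking lock so two runs never overlap, and for each file reads the dimensions with getimagesize() before GD touches it, raises memory_limit to what that image needs, re-encodes it at reduced quality and writes a preview. The directory names, the pixel budget and the per-pixel memory figure are assumptions for the example (PHP 8).

```php
<?php
// Added example (not from the original thread). Assumed layout: raw uploads land in
// SPOOL_DIR, processed copies go to DONE_DIR/PREVIEW_DIR, rejects to FAILED_DIR.
declare(strict_types=1);

const SPOOL_DIR   = '/var/spool/uploads/incoming';
const DONE_DIR    = '/var/spool/uploads/processed';
const PREVIEW_DIR = '/var/spool/uploads/previews';
const FAILED_DIR  = '/var/spool/uploads/failed';
const LOCK_FILE   = '/var/spool/uploads/worker.lock';
const MAX_PIXELS  = 16_000_000;   // 16 megapixels, the figure quoted in the first answer
const PREVIEW_W   = 320;

/** Parse a php.ini size such as "128M" into bytes (-1 means unlimited). */
function iniBytes(string $v): int
{
    $v = trim($v);
    if ($v === '-1') {
        return PHP_INT_MAX;
    }
    $n = (int) $v;
    return match (strtoupper(substr($v, -1))) {
        'G' => $n << 30,
        'M' => $n << 20,
        'K' => $n << 10,
        default => $n,
    };
}

/**
 * Rough memory GD needs for this image: roughly 5 bytes per pixel for a truecolor
 * bitmap with row overhead, doubled for the scaled copy and the encoder, plus slack.
 * This is an estimate chosen for the example, not a documented GD formula.
 */
function gdMemoryEstimate(int $width, int $height): int
{
    return $width * $height * 5 * 2 + 16 * 1024 * 1024;
}

function processOne(string $path): void
{
    // Header-only read: cheap, and it lets us refuse oversized images before GD
    // allocates anything (GD would otherwise die silently on memory_limit).
    $info = @getimagesize($path);
    if ($info === false) {
        throw new RuntimeException('not a decodable image');
    }
    [$w, $h] = $info;
    if ($w * $h > MAX_PIXELS) {
        throw new RuntimeException("image too large: {$w}x{$h}");
    }

    // Raise memory_limit per image instead of relying on a global 128 MB.
    $needed = gdMemoryEstimate($w, $h) + memory_get_usage(true);
    if ($needed > iniBytes((string) ini_get('memory_limit'))) {
        ini_set('memory_limit', (string) $needed);
    }

    $img = imagecreatefromstring((string) file_get_contents($path));
    if ($img === false) {
        throw new RuntimeException('GD could not decode the file');
    }
    $base = pathinfo($path, PATHINFO_FILENAME);

    // Re-encoding through GD drops whatever non-image bytes the original carried
    // (metadata, trailing data) and lets us lower the quality of the stored copy.
    imagejpeg($img, DONE_DIR . "/$base.jpg", 82);

    $preview = imagescale($img, PREVIEW_W);
    if ($preview !== false) {
        imagejpeg($preview, PREVIEW_DIR . "/$base.jpg", 75);
    }
    unlink($path);
}

function runWorker(): int
{
    $lock = fopen(LOCK_FILE, 'c');
    // Non-blocking exclusive lock: if the previous cron run is still busy, leave quietly.
    if ($lock === false || !flock($lock, LOCK_EX | LOCK_NB)) {
        return 0;
    }
    $processed = 0;
    foreach (glob(SPOOL_DIR . '/*') ?: [] as $path) {
        try {
            processOne($path);
            $processed++;
        } catch (RuntimeException $e) {
            // Keep the rejected file for inspection and record why it failed.
            rename($path, FAILED_DIR . '/' . basename($path));
            error_log('upload worker: ' . basename($path) . ': ' . $e->getMessage());
        }
    }
    flock($lock, LOCK_UN);
    fclose($lock);
    return $processed;
}

if (PHP_SAPI === 'cli') {
    printf("processed %d file(s)\n", runWorker());
}
```

Because the work is asynchronous, the preview is not returned in the upload response; the client polls for PREVIEW_DIR/<name>.jpg (or the intake script returns the name and the client retries a few times), which is the "confirmation by the server" the first answer mentions. A failed decode or an oversized image ends up in FAILED_DIR with a log line instead of a silently killed request.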
1) Do not trust anything that arrives in $_FILES;
2) Check the MIME type against a whitelist using finfo (and the file size, right away);
3) Check the extension in $_FILES against the whitelist, mapped to the MIME type;
4) Generate the file name and extension yourself;
5) Forbid the web server from executing PHP in the folder where uploads are stored;
5.1) Ideally, put everything on a separate server (or a subdomain under a different user) serving pure static files, with PHP disabled entirely.
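The checklist above as one intake script, added here as an example rather than code from the thread. It assumes the form field is named `avatar`, a 5 MB limit, a four-entry MIME whitelist, and an upload directory that the web server serves without PHP (step 5 is a web-server setting, so it appears only as a comment). Nothing the client sends reaches the filesystem: the type comes from finfo on the actual bytes, the extension is taken from the whitelist, and the name is random (PHP 8).

```php
<?php
// Added example (not from the original thread). Assumptions: field name "avatar",
// MAX_BYTES, the ALLOWED table and UPLOAD_DIR are policy choices for this example.
declare(strict_types=1);

const MAX_BYTES  = 5 * 1024 * 1024;
const UPLOAD_DIR = '/var/spool/uploads/incoming'; // must be served with PHP disabled

// MIME type reported by finfo => the only extension we will ever write to disk.
const ALLOWED = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
    'image/webp' => 'webp',
];

// Client-supplied extensions that are acceptable for each whitelisted type.
const EXT_ALIASES = [
    'jpg'  => ['jpg', 'jpeg'],
    'png'  => ['png'],
    'gif'  => ['gif'],
    'webp' => ['webp'],
];

/** Validate one entry of $_FILES and store it; returns the generated file name. */
function acceptUpload(array $file): string
{
    // 1) $_FILES is client-controlled: 'type' and 'name' are whatever the browser says.
    if (!isset($file['error'], $file['tmp_name']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed: error ' . ($file['error'] ?? 'unknown'));
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    // 2) Size first, from the temp file itself rather than $file['size'].
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('file size not allowed');
    }

    // 2) MIME whitelist from the real bytes via finfo, never from the client header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('type not allowed: ' . var_export($mime, true));
    }
    $ext = ALLOWED[$mime];

    // 3) The client's extension must agree with the sniffed type, otherwise reject.
    $clientExt = strtolower(pathinfo((string) ($file['name'] ?? ''), PATHINFO_EXTENSION));
    if (!in_array($clientExt, EXT_ALIASES[$ext], true)) {
        throw new RuntimeException("extension '$clientExt' does not match $mime");
    }

    // Cheap extra check: the image header must parse (reads only the header, not the pixels).
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a decodable image');
    }

    // 4) Name and extension are ours; the client's file name never reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . '/' . $name;

    // move_uploaded_file() refuses anything that did not arrive via an HTTP upload.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // not executable, not world-readable
    return $name;
}

// 5) Web-server side, not PHP: deny PHP execution under UPLOAD_DIR, for example
//    nginx:  location ^~ /uploads/ { location ~ \.php$ { return 403; } }
//    Apache (mod_php): <Directory "/var/spool/uploads"> php_admin_flag engine off </Directory>

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    header('Content-Type: application/json');
    try {
        echo json_encode(['ok' => true, 'file' => acceptUpload($_FILES['avatar'] ?? [])]);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo json_encode(['ok' => false, 'error' => $e->getMessage()]);
    }
}
```

The jQuery handler in the question can send the file to this script with a FormData POST in the same .change callback; the JSON reply carries either the generated name or a reason for rejection, so the client can replace the "Photo uploaded" text if the server refused the file. A single check is not enough on its own: finfo accepts anything whose leading bytes look like an image, which is why the extension mapping, the random server-side name and the no-PHP upload directory are all applied together.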
