Skip to main content

PHP Image Upload with Size Type Dimension Validation

validate-images
File upload feature requires basic validations to make clean and hygienic the user input. There is a huge chance of exploiting a file upload option with malicious intent. Improper implementation of a file upload input increases security vulnerability. We need to validate the uploaded files before saving them on the server to reduce the vulnerability.


I have created a HTML form and provided an option to upload files. When the form is submitted, the file binaries are sent to the PHP and validated in the server side. I have checked if the uploaded file is an image and I have specified the allowed image extension, size and dimension based on which the validation is taking place. After all these validations have passed, the image file is saved in the target location as specified.
The server-side image file validation takes place in the following aspects.
  • If the file is not empty.
  • If the file extension is one of .jpg, .png, .jpeg.
  • If the file size is less than or 2MB.
  • If the file dimension is within (300X200).

HTML Form with File Input

This form contains file input to allow the user to choose files to be uploaded. On submitting this form, the file data is sent to the PHP to upload it to the target after validation.
<h2>PHP Image Upload with Size Type Dimension Validation</h2>
<form id="frm-image-upload" action="index.php" name='img' method="post"
    enctype="multipart/form-data">
    <div class="form-row">
        <div>Choose Image file:</div>
        <div>
            <input type="file" class="file-input" name="file-input">
        </div>
    </div>

    <div class="button-row">
        <input type="submit" id="btn-submit" name="upload"
            value="Upload">
    </div>
</form>
<?php if(!empty($response)) { ?>
<div class="response <?php echo $response["type"]; ?>
    ">
    <?php echo $response["message"]; ?>
</div>
<?php }?>

PHP Code to Validate and Upload Image File

In PHP, we validate the file type, size and dimension before uploading.  The uploaded file data like name size, temporary target are in $_FILES[“image_file”] array. PHP move_uploaded_file function is used to upload the file by accessing file data stored in $_FILES superglobal.
I used PHP function getimagesize() to get the size information to validate the uploaded image in this regard. I specified the allowed image file extensions in an array and validate the uploaded file extension with this array. You can change this array with other preferable image file extension as your wish. After successful validation, the PHP move_uploaded_file() function is used to save the file in the specified target.
<?php
if (isset($_POST["upload"])) {
    // Get Image Dimension
    $fileinfo = @getimagesize($_FILES["file-input"]["tmp_name"]);
    $width = $fileinfo[0];
    $height = $fileinfo[1];
    
    $allowed_image_extension = array(
        "png",
        "jpg",
        "jpeg"
    );
    
    // Get image file extension
    $file_extension = pathinfo($_FILES["file-input"]["name"], PATHINFO_EXTENSION);
    
    // Validate file input to check if is not empty
    if (! file_exists($_FILES["file-input"]["tmp_name"])) {
        $response = array(
            "type" => "error",
            "message" => "Choose image file to upload."
        );
    }    // Validate file input to check if is with valid extension
    else if (! in_array($file_extension, $allowed_image_extension)) {
        $response = array(
            "type" => "error",
            "message" => "Upload valiid images. Only PNG and JPEG are allowed."
        );
        echo $result;
    }    // Validate image file size
    else if (($_FILES["file-input"]["size"] > 2000000)) {
        $response = array(
            "type" => "error",
            "message" => "Image size exceeds 2MB"
        );
    }    // Validate image file dimension
    else if ($width > "300" || $height > "200") {
        $response = array(
            "type" => "error",
            "message" => "Image dimension should be within 300X200"
        );
    } else {
        $target = "image/" . basename($_FILES["file-input"]["name"]);
        if (move_uploaded_file($_FILES["file-input"]["tmp_name"], $target)) {
            $response = array(
                "type" => "success",
                "message" => "Image uploaded successfully."
            );
        } else {
            $response = array(
                "type" => "error",
                "message" => "Problem in uploading image files."
            );
        }
    }
}
?>

PHP Image Upload with Size Type Dimension Validation – Output

The following screenshots showing the success and failure cases while executing PHP image upload with validation example.
image-upload-after-validation
image-validation-error

Comments

Post a Comment

Popular posts from this blog

Build chatbot with node js and react js

User Experience is given a lot of attention while building any application these days. More and more brands are leveraging chatbots to service their customers, market their brand, and even sell their products. There are a lot of awesome tools out there which helps in building an intelligent bot very easily like Google’s DialogFlow, Amazon Lex, etc, most of which implement their own Natural Language Processing (NLP) logic. However, in some cases, we don’t really need an intelligent bot. Whenever we have a small application having a limited set of options to choose from, it’s not really necessary to use NLP based tools like Google’s DialogFlow. You need to integrate with them (which is pretty easy though), and you need to make a network call to get the results. Instead, you would want to define your rules locally in those cases. Here we will build a simple chatbot using React Simple Chatbot library and add it to our pizza-builder app using which we can build ou...
Post a Comment
Read more

How to earn money through google

 you know everyone thinks we’re fools, right? Today we gonna discuss how we can earn money from google with just doing blogging. Most of people thing blogging is a joke.It isn’t a career. It isn’t a way to make money. It isn’t a tool for changing the world. It’s a hobby, a diversion, a fad that’ll come and go. Sure, you can start a blog, but don’t count on it to make you any money. That’s just silly. Try telling your family or friends or coworkers you want to quit your job and make money blogging. They’ll smile politely and ask, “Does anybody really make money from that?” Yes, they want you to have dreams. Yes, they want you to chase them. Yes, they want you to succeed. But they also want you to be “realistic.” If you really want to improve your life, you should get an advanced degree, write a book, or even start your own business, not hang all your hopes and dreams on some stupid little blog. Nobody can make money blogging. Can they? Well, I’m hesitant to say this, bu...
Post a Comment
Read more