|
|
|
|
Bookmark this on Delicious
Share on Facebook
 Slashdot It!
Digg  finfo_file
Return information about a file
(PECL fileinfo:0.1-1.0.4)
Example 616. A finfo_file() example<?phpThe above example will output something similar to: text/htmlCode Examples / Notes » finfo_fileryan day
to check images on unix based systems its much better to use the identify command provided by image magic as it provides accurate results about all files <?php function is_jpg($fullpathtoimage){ if(file_exists($fullpathtoimage)){ exec("identify $fullpathtoimage",$out); //using system() echos STDOUT automatically if(!empty($out)){ //identify returns an empty result to php //if the file is not an image $info = $out[0]; $info = explode(' ',$out[0]); //^IF THE FILENAME CONTAINS SPACES //^THIS WILL NOT WORK...be creative $type = $info[1]; if($type == 'JPEG'){ return true; } } } return false; } ?> identify can process all types of images that are web friendly sample output: ./image/someimage.jpg JPEG 150x112 150x112+0+0 DirectClass 8-bit 4.54688kb if you dont want to control the image name or want to support spaces use: escapeshellarg() http://us2.php.net/manual/en/function.escapeshellarg.php function links: exec() -- http://us2.php.net/manual/en/function.exec.php explode() -- http://us2.php.net/manual/en/function.explode.php 03-may-2007 10:10
this returns the string "cannot open `FILEPATH' (No such file or directory)" if non-existent path given, instead of FALSE as written above. Environment: PHP 5.2.1, WinXp. schraalhans keukenmeester
Tempting as it may seem to use finfo_file() to validate uploaded image files (Check whether a supposed imagefile really contains an image), the results cannot be trusted. It's not that hard to wrap harmful executable code in a file identified as a GIF for instance. A better & safer option is to check the result of: if (!$img = @imagecreatefromgif($uploadedfilename)) { trigger_error('Not a GIF image!',E_USER_WARNING); // do necessary stuff } webshowpro
Just an improvement on the sample Ryan Day posted - slightly off topic since this method does not use finfo_file but in some cases this method might be preferable. The main change is the -format %m parameters given to the identify call. I would suggest using the full system path to identify i.e. /usr/bin/identify to be a little safer (the location may change from server to server though). <?php function is_jpg($fullpathtoimage){ if(file_exists($fullpathtoimage)){ exec("/usr/bin/identify -format %m $fullpathtoimage",$out); //using system() echos STDOUT automatically if(!empty($out)){ //identify returns an empty result to php //if the file is not an image if($out == 'JPEG'){ return true; } } } return false; } ?> spazdaq
FYI contrary to the documentation, finfo_file seems to be returning a semicolon delimited string that contains not just the mime type but also the character set. so $finfo = finfo_open(FILEINFO_MIME); echo(finfo_file($finfo, $my_file)); returns: text/plain; charset=us-ascii it may be dependent on the magic file, but i'm too lazy to investigate further. php
Annoying one this - only tested on Windows. It looks like finfo_file only works if you give it an absolute filename or a file listed in $_FILES - presumably because there are known locations that php looks for files. eg: finfo_file($handle,'img.gif'); // returns an error finfo_file($handle,realpath('img.gif')); // returns correctly |
