Im building a simple php aplication for my website that requires visitors to enter the url of an image on the internet which my script will then download to my local server so that the visitor can manipulate the image with the gd library..
my question is..
what would be the best way to validate that a) the file exists, b) that the file is actually an image.
is it possible to do the validation without first downloading the image?
I know that maliscious code can be embedded in images so ideally i would like to do the validation remotely but any guidance on the best method would be appreciated
Have a look here: http://stackoverflow.com/questions/6185669/malicious-code-through-image-upload
You'll still have to bring the file local. Delete the file if it returns false.
This topic is now closed. New replies are no longer allowed.