View Full Version : checking that a URL points to an image

03-01-2008, 12:52 PM
how would I protect myself from an attack to ensure that a user submitted URL points to an image (either .jpg, .jpeg, .gif, .png or .ico )?

the var is of this type:

$imageURL = 'http://www.foo.com/img/myimages/dog.gif'


$imageURL = 'http://www.bar.com/images/home/vacation/beach.jpg'


$imageURL = 'http://www.foobarb.com/img/myimages/banner.png'

I dont want people submitting .exe files for instance

03-01-2008, 07:30 PM
You can use the function getimagesize(), but the note in the manual on using that function on remote files is:

This parameter specifies the file you wish to retrieve information about. It can reference a local file or (configuration permitting) a remote file using one of the supported streams.

I haven't messed with streams much, but here's the page in the manual (http://us2.php.net/manual/en/ref.stream.php) that introduces the concept.