Hi Everyone,

I just wanna check if this is the best method to validate an image before uploading. Please see below my code and advise?

Many thanks for reading my post.

What I have tried:

if (isset($_POST['save'])) {

    // Validate image (checks only the extension of the submitted name)
    if (empty($_POST["image"])) {
        $imageError = "";
    } else {
        $image = check_input($_POST["image"]);
        $allowed = array('jpeg', 'jpg', "png", "gif", "bmp", "JPEG", "JPG", "PNG", "GIF", "BMP");
        $ext = pathinfo($image, PATHINFO_EXTENSION);
        if (!in_array($ext, $allowed)) {
            $imageError = "jpeg only";
        }
    }
}

// Validate data: trim whitespace, strip slashes, HTML-encode
function check_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
Updated 18-Oct-22 3:56am

The code might also need to check for content type instead of just the file extension.

MIME type detection for PHP file uploads

PHP: mime_content_type - Manual
Member 14093672 12-Jan-19 23:26pm    
or this one is better?

      <?php
      if (isset($_FILES['image'])) {
         $errors = array();
         $file_name = $_FILES['image']['name'];
         $file_size = $_FILES['image']['size'];
         $file_tmp = $_FILES['image']['tmp_name'];
         $file_type = $_FILES['image']['type'];
         // Extension taken from the client-supplied file name
         $file_ext = strtolower(pathinfo($file_name, PATHINFO_EXTENSION));
         $expensions = array("jpeg", "jpg", "png");
         if (in_array($file_ext, $expensions) === false) {
            $errors[] = "extension not allowed, please choose a JPEG or PNG file.";
         }
         if ($file_size > 2097152) {
            $errors[] = 'File size must be excately 2 MB';
         }
         if (empty($errors) == true) {
            echo "Success";
         }
      }
      ?>
      <form action = "" method = "POST" enctype = "multipart/form-data">
         <input type = "file" name = "image" />
         <input type = "submit"/>
         <ul>
            <!-- Values come from the client, so HTML-encode them before output -->
            <li>Sent file: <?php echo htmlspecialchars($_FILES['image']['name'] ?? ''); ?>
            <li>File size: <?php echo htmlspecialchars($_FILES['image']['size'] ?? ''); ?>
            <li>File type: <?php echo htmlspecialchars($_FILES['image']['type'] ?? ''); ?>
         </ul>
      </form>
Bryian Tan 12-Jan-19 23:48pm    
Check this out: MIME type detection for PHP file uploads. mime_content_type() is deprecated, my bad.
Member 14093672 13-Jan-19 0:51am    
I am struggling to append this to the existing function above.

function get_mime_type($file) {
    $mtype = false;
    if (function_exists('finfo_open')) {
        // Preferred: detect the type from the file's content
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        $mtype = finfo_file($finfo, $file);
    } elseif (function_exists('mime_content_type')) {
        // Fallback when the finfo functions are unavailable
        $mtype = mime_content_type($file);
    }
    return $mtype;
}
// step given the name of
//allowed image extension
//image type
//temporary name
//how this location to upload
//check the picture
$imgErr="jpeg, png,gif,bmp,jpeg only!";

Richard Deeming 18-Oct-22 9:08am    
Unformatted, unexplained code with a serious security vulnerability is not a good solution to this question.

Stick to answering new questions unless you have something new and interesting to add to the discussion.
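
The checks discussed in this thread (content-based MIME detection, the 2 MB size cap, an allow-list of image types) combined into one server-side validator, as an added example that is not code from any poster. The function name `validate_image_upload()`, its return shape and the `uploads/` directory are assumptions; the field name `image` and the size limit are taken from the code above.

```php
<?php
// Added example: validates a single $_FILES entry before it is stored.
// validate_image_upload() and its return array are hypothetical names, not from the thread.

const MAX_BYTES = 2097152; // 2 MB, the limit used in the thread

// Content-detected MIME type => extension the file will be stored under
const ALLOWED_TYPES = [
    'image/jpeg'     => 'jpg',
    'image/png'      => 'png',
    'image/gif'      => 'gif',
    'image/bmp'      => 'bmp',
    'image/x-ms-bmp' => 'bmp', // older libmagic databases report BMP this way
];

function validate_image_upload(array $file): array
{
    // Reject missing, failed or multi-file uploads before touching the temp file
    if (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return ['ok' => false, 'error' => 'Upload failed.'];
    }
    // tmp_name must be a file PHP itself received in this request
    if (!is_uploaded_file($file['tmp_name'])) {
        return ['ok' => false, 'error' => 'Not an uploaded file.'];
    }
    // Measure the file on disk instead of trusting $file['size']
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        return ['ok' => false, 'error' => 'File must be between 1 byte and 2 MB.'];
    }
    // Detect the type from the bytes; $file['type'] and $file['name'] are client-supplied
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        return ['ok' => false, 'error' => 'Only JPEG, PNG, GIF or BMP images are allowed.'];
    }
    // The file must also parse as an image with readable dimensions
    if (@getimagesize($file['tmp_name']) === false) {
        return ['ok' => false, 'error' => 'File is not a readable image.'];
    }
    // Generate the stored name; the extension comes from the detected type, not the client
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    return ['ok' => true, 'mime' => $mime, 'name' => $name];
}

// Usage in the form handler ('uploads/' is a hypothetical directory, ideally outside the web root):
// $result = validate_image_upload($_FILES['image'] ?? []);
// if ($result['ok']) { move_uploaded_file($_FILES['image']['tmp_name'], __DIR__ . '/uploads/' . $result['name']); }
```

Because the stored name and extension are derived on the server, a file named `photo.php.jpg` or carrying a forged `Content-Type` cannot influence how the web server later treats it.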

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
