check to see if image exists at URL?

[galvin]

What is the best/proper way to check if a supplied URL goes to an actual image?  My site will allow users to enter an image URL (like "http://example.com/images/monkey.jpg").  I will store the URL they enter in a MySQL database and then will call it up later and do some resizing to these images. 

 

But I don't want to try to do any resizing if the URL they supply doesn't actually go to an image, or if it's blank (i.e. the user didn't enter a URL yet). 

 

So basically, I will run a MySql query to pull back the contents of the column called "imageurl".  Let's say those contents are stored in a variable called $imageurl.  This is what I'm trying to accomplish....

 

if ($theimageurl does NOT contain a URL to an image OR is blank) {
// do this
} else {
//run my resizing code
}

 

I guess i could do this to check to see if it's blank, but not sure this is proper/most efficient way to check that part of the issue...

 

if (trim($theimageurl) == "")

 

But greater than the "is it blank" concern is that people may enter URLs that just to a regular website so whether it's at this point in my code (or for security, I should probably do it BEFORE inserting it into my database :/ ) so curious if there are any functions that check to see if it's an image URL or not.  I know of file_exists, but I'm pretty sure that's just checking to see if a file exists and doesn't check image URLs.

 

Any info/suggestions would be appreciated as always! 

 

And if there are any recommended functions to check/clean the user-entered URL BEFORE it's entered into the database, please share

 

Thanks!

[The Little Guy]

I would use cURL

 

Something like this:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
$opt = curl_exec();
$info = (object)curl_getinfo($ch);
if($info->http_code == 200){
// Image exists
}else{
// Image doesn't exist
}

[The Little Guy]

you can also do it like this:

 

$size = getimagesize($url);
if($size !== false){
// Image exists
}else{
// Image doesn't exist
}

[galvin]

Thanks for your suggestions!  I will probably try the first one since you said that's the one you'd use

 

[The Little Guy]

Okay, if you use the first one, you might also want to check the mime type, which can be found from curl_getinfo as well as the http_code from above

[galvin]

Ok thanks!  As I think more about maybe "cleaning" the URLs that users enter before inserting them into my database, I don't think I need to because I only re-display those URLs inside an <img> tag, in the "src".  So even if someone enters the URL of an actual website, it will just show a broken image, which I'm fine with (for now).  There's no way a bad link could hurt my site if it's only displayed back inside the <img> tag, right? 

 

Or am I being really, really naive? 

 

 

[xyph]

That's a subjective question. Someone could submit a link to an image with questionable content, and that would get displayed. In a sense, this could 'hurt' your site.

 

From an attack vector point of view, I don't think there aren't any image exploits on modern browsers. Any holes in your script would be huge, and affect a large percentage of sites on the internet.