- Php – How to read file properties with PHP
- Best Solution
- Related Solutions
- Correctly setting up the connection
- Explanation
- Can prepared statements be used for dynamic queries?
- How to read file properties with PHP?
- Solution 2
- Solution 3
- Road To Automation
- 1 comment:
- Search This Blog
- Followers
- Facebook Badge
- Blog Archive
- Total Pageviews
- Labels
- Recent Comments
- Popular Posts
Php – How to read file properties with PHP
I’m wondering if there is a way I can store data like the author, in a file? Like you right click on a file in Windows, and you set properties of it. Can I read those properties in PHP ?
What I really want to do is, I want to upload images to a directory, and when I’m showing the images in the PHP page, I want to get the alt attribute directly from the jpg (or png) file’s «properties».
I have tried finfo_file() function of PHP, but no success.
Best Solution
I’m wondering if there is a way I can store data like the author, in a file? Like you right click on a file in Windows, and you set properties of it
There are two ways that Windows can show properties for a file. The first way is if it knows about the file format and the file format can contain metadata. Examples of this are JPEGs and Word documents. In both of those formats metadata about the file (author, etc) are contained within the file, and Windows knows how to show it. The second way metadata can be stored is in Alternative Data Streams (ADS) with an NTFS file system. A good guide to using ADS can be found at http://www.irongeek.com/i.php?page=security/altds
Can I read those properties in PHP ?
For in-file metadata it depends on the file format. JPEG EXIF data can be read by the exif-read-data function (http://php.net/manual/en/function.exif-read-data.php)
I don’t have a handy NTFS partition to test this on, but I believe you might be able to access Alternative Data Streams within PHP if running it in Windows and accessing an NTFS file system.
What I really want to do is, I want to upload images to a directory, and when I’m showing the images in the PHP page, I want to get the alt attribute directly from the jpg (or png) file’s «properties».
JPEGs that contain the metadata you want can be read by the exif-read-data function as mentioned above. PNGs don’t hold EXIF data so there is no respective function for that (PNGs can contain metadata, but there doesn’t seem to be a standard to it).
If you get the user to include name and other data when they upload the file you could store that and retrieve it when showing the image. The data could be stored anywhere, e.g. in a database (perhaps linking file name to data), or on the filesystem (for an image called image1.png you could store the author’s name in a file called image1.png.txt ).
Related Solutions
Php – How to prevent SQL injection in PHP
The correct way to avoid SQL injection attacks, no matter which database you use, is to separate the data from SQL, so that data stays data and will never be interpreted as commands by the SQL parser. It is possible to create SQL statement with correctly formatted data parts, but if you don’t fully understand the details, you should always use prepared statements and parameterized queries. These are SQL statements that are sent to and parsed by the database server separately from any parameters. This way it is impossible for an attacker to inject malicious SQL.
You basically have two options to achieve this:
- Using PDO (for any supported database driver):
$stmt = $pdo->prepare('SELECT * FROM employees WHERE name = :name'); $stmt->execute([ 'name' => $name ]); foreach ($stmt as $row) < // Do something with $row > $stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?'); $stmt->bind_param('s', $name); // 's' specifies the variable type => 'string' $stmt->execute(); $result = $stmt->get_result(); while ($row = $result->fetch_assoc()) < // Do something with $row > If you’re connecting to a database other than MySQL, there is a driver-specific second option that you can refer to (for example, pg_prepare() and pg_execute() for PostgreSQL). PDO is the universal option.
Correctly setting up the connection
Note that when using PDO to access a MySQL database real prepared statements are not used by default. To fix this you have to disable the emulation of prepared statements. An example of creating a connection using PDO is:
$dbConnection = new PDO('mysql:dbname=dbtest;host=127.0.0.1;charset=utf8', 'user', 'password'); $dbConnection->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); $dbConnection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); In the above example the error mode isn’t strictly necessary, but it is advised to add it. This way the script will not stop with a Fatal Error when something goes wrong. And it gives the developer the chance to catch any error(s) which are throw n as PDOException s.
What is mandatory, however, is the first setAttribute() line, which tells PDO to disable emulated prepared statements and use real prepared statements. This makes sure the statement and the values aren’t parsed by PHP before sending it to the MySQL server (giving a possible attacker no chance to inject malicious SQL).
Although you can set the charset in the options of the constructor, it’s important to note that ‘older’ versions of PHP (before 5.3.6) silently ignored the charset parameter in the DSN.
Explanation
The SQL statement you pass to prepare is parsed and compiled by the database server. By specifying parameters (either a ? or a named parameter like :name in the example above) you tell the database engine where you want to filter on. Then when you call execute , the prepared statement is combined with the parameter values you specify.
The important thing here is that the parameter values are combined with the compiled statement, not an SQL string. SQL injection works by tricking the script into including malicious strings when it creates SQL to send to the database. So by sending the actual SQL separately from the parameters, you limit the risk of ending up with something you didn’t intend.
Any parameters you send when using a prepared statement will just be treated as strings (although the database engine may do some optimization so parameters may end up as numbers too, of course). In the example above, if the $name variable contains ‘Sarah’; DELETE FROM employees the result would simply be a search for the string «‘Sarah’; DELETE FROM employees» , and you will not end up with an empty table.
Another benefit of using prepared statements is that if you execute the same statement many times in the same session it will only be parsed and compiled once, giving you some speed gains.
Oh, and since you asked about how to do it for an insert, here’s an example (using PDO):
$preparedStatement = $db->prepare('INSERT INTO table (column) VALUES (:column)'); $preparedStatement->execute([ 'column' => $unsafeValue ]); Can prepared statements be used for dynamic queries?
While you can still use prepared statements for the query parameters, the structure of the dynamic query itself cannot be parametrized and certain query features cannot be parametrized.
For these specific scenarios, the best thing to do is use a whitelist filter that restricts the possible values.
// Value whitelist // $dir can only be 'DESC', otherwise it will be 'ASC' if (empty($dir) || $dir !== 'DESC')
Python – How to check whether a file exists without exceptions
If the reason you’re checking is so you can do something like if file_exists: open_it() , it’s safer to use a try around the attempt to open it. Checking and then opening risks the file being deleted or moved or something between when you check and when you try to open it.
If you’re not planning to open the file immediately, you can use os.path.isfile
Return True if path is an existing regular file. This follows symbolic links, so both islink() and isfile() can be true for the same path.
import os.path os.path.isfile(fname) if you need to be sure it’s a file.
Starting with Python 3.4, the pathlib module offers an object-oriented approach (backported to pathlib2 in Python 2.7):
from pathlib import Path my_file = Path("/path/to/file") if my_file.is_file(): # file exists if my_file.is_dir(): # directory exists To check whether a Path object exists independently of whether is it a file or directory, use exists() :
if my_file.exists(): # path exists You can also use resolve(strict=True) in a try block:
try: my_abs_path = my_file.resolve(strict=True) except FileNotFoundError: # doesn't exist else: # exists Related Question
How to read file properties with PHP?
There are two ways that Windows can show properties for a file. The first way is if it knows about the file format and the file format can contain metadata. Examples of this are JPEGs and Word documents. In both of those formats metadata about the file (author, etc) are contained within the file, and Windows knows how to show it. The second way metadata can be stored is in Alternative Data Streams (ADS) with an NTFS file system. A good guide to using ADS can be found at http://www.irongeek.com/i.php?page=security/altds
Can I read those properties in PHP ?
For in-file metadata it depends on the file format. JPEG EXIF data can be read by the exif-read-data function (http://php.net/manual/en/function.exif-read-data.php)
I don’t have a handy NTFS partition to test this on, but I believe you might be able to access Alternative Data Streams within PHP if running it in Windows and accessing an NTFS file system.
What I really want to do is, I want to upload images to a directory, and when I’m showing the images in the PHP page, I want to get the alt attribute directly from the jpg (or png) file’s «properties».
JPEGs that contain the metadata you want can be read by the exif-read-data function as mentioned above. PNGs don’t hold EXIF data so there is no respective function for that (PNGs can contain metadata, but there doesn’t seem to be a standard to it).
If you get the user to include name and other data when they upload the file you could store that and retrieve it when showing the image. The data could be stored anywhere, e.g. in a database (perhaps linking file name to data), or on the filesystem (for an image called image1.png you could store the author’s name in a file called image1.png.txt ).
Solution 2
stat() is probably the closest to the data you want. But it only provides system level metadata like uid.
For more detailed metadata, you will need to track it yourself.
Solution 3
Specifically for images, you may want to try reading the exif data for the image. PHP has a function to do this of course:
Road To Automation
For reading and writing data into properties file I am using parse_ini_file() function in this post.
Create a file name with extension .properties like I have created below:
If you run above file you will get Name and Url values.
Writing Data: below code write data into mentioned file if key is already exist then it update value and if key not exist it add new key value. Also if file not exist then it create new file.
1 comment:
You always provide quality based posts, enjoy reading your work. html5 video scene selection Reply Delete
Leave your comments, queries, suggestion I will try to provide solution
Search This Blog
Followers
Facebook Badge
Blog Archive
Total Pageviews
Labels
Recent Comments
Popular Posts
For reading and writing data into properties file I am using Properties class in this post. Create a file name with extension .properties .
Sauce lab provided screen capturing functionality to test scripts execution, I was looking same type functionality to work on local machine.
Perquisite: Download and install xampp application into your machine from link: «http://www.apachefriends.org/en/xampp-windows.html&.
SoapUI Pro has a feature to read data from external files like: excel, csv etc. But SoapUI does not provide such feature to read data from .
In this post I will show you how to automate HTML5 video. To automate this we will use java scripts function to control video. So here we .
In my previous post «» Road to create test suite for python Webdriver scripts , I posted that how to create Suite file for webdri.
About Appium: Appium is open source automation tool for iOS and android application supported by Sauce Lab. It is cross platform, supporte.
In this post I will show you how to execute SoapUI test for a set of values. For this I have put all data in csv file. I write groovy scri.
Prerequisite: 1. Download and install Sikuli from for more information visit link «http://www.sikuli.org/download.html 2. D.
In this post, I am going to show you how to read data from text file in SoapUI. SoapUI Pro has some advance feature which is not in SaopUI .