A:  
$ext = strtolower(end(explode('.', $filename)));
switch($ext)
{
case 'jpg':
///Blah
break;
}

Hard version (just trying)

//Turn off E_NOTICE reporting first
if(getimagesize($url) !== false)
{
//Image
}
Misiur  2010-08-08 08:44:38
`Turn off E_NOTICE reporting first` Why not use the `@` operator if it's necessary?
strager  2010-08-08 09:00:06
+2  A: 

i think that the idea is to get a content of the header url via curl

and check the headers

After calling curl_exec() to get a web page, call curl_getinfo() to get the content type string from the HTTP header

look how to do it in this link :

http://nadeausoftware.com/articles/2007/06/php_tip_how_get_web_page_content_type#IfyouareusingCURL

Haim Evgi  2010-08-08 08:47:27
Great link for other methods too!
Arjan  2010-08-08 09:51:39
+4  A: 

If you want to be absolutely sure, and your PHP is enabled for remote connections, you can just use

getimagesize('url');

If it returns an array, it is an image type recognized by PHP, even if the image extension is not in the url (per your second link). You have to keep in mind that this method will make a remote connection for each request, so perhaps cache urls that you already probed in a database to lower connections.

Blizz  2010-08-08 08:47:45
Be sure to sanitize the URL if you do this! Or better yet, use `curl`, which can't (shouldn't?) access the filesystem.
strager  2010-08-08 09:01:23
This doesn't executes commandos, it opens up the file and reads the header of the file. Can you explain me where the danger lies if someone would give say like /etc/passwd as the link? The function would just return FALSE.
Blizz  2010-08-08 09:06:19
@Blizz, It's a security risk nonetheless. What if `getimagesize` contained a bug? What if @Giffary decided to get more information from the image, and this gave more information to a potential hacker? I don't know, but IMO it's better to be safe than sorry.
strager  2010-08-08 09:41:30
@Strager I couldn't agree more about better being safe than sorry, it's way too easy to leave a security hole. I was just wondering if there's a particular reason you made that statement.
Blizz  2010-08-08 09:46:56
+5  A: 

You can send a HEAD request to the server and then check the Content-type. This way you at least know what the server "thinks" what the type is.

VolkerK  2010-08-08 08:48:23
+1 because I had no idea that existed :)
Blizz  2010-08-08 08:56:02

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases