I need to upload images to my website, make some image processing(resize, get image size\resolution, convert to jpg format etc ) and then embed it to page of my website. I have a few question:
How to check that uploading file is image?
You could look at the uploaded filename and use the extension but that's not 100% guarantee. Anyone could rename an .exe to .jpg, so no reliable way. Remember that all you get on the server is a filename and a byte array which could be anything. Another technique consists into looking at the first few bytes of the uploaded file and try to guess its type but once again not guaranteed.
Where is better store images - mssql or just folder?
There is no definite answer. Some prefer files system, others SQL. I prefer storing files on the file system and saving only the path in SQL. Also SQL Server 2008 has a FileStream datatype which might be worth checking.
How to detect image type. Is MIME trust source?
Once again the file extension could be used but not 100% trustworthy.
How to make image processing. Is System.Drawing good instrument?
Yes GDI+ is good enough to perform basic image processing like resizing for common image types.
1) the cheap way to detect is by extension. The mostly secure way is to read the first few bytes of the header and see if it matches to known image format headers.
2) MSSQL 2008 has a FileStream type which is the best of both worlds. If you are on an older version of sql server then it's a toss up. If the images have to be accessible by multiple web servers and portability / backups are a concern then you have to put it in the database server...
If multiple web servers, but portability/backups are not a concern, then store it on a NAS.
If single web server and you know it won't be scaled up, then on the local web server file system is ok.
3) Trust no one. See Item 1.
4) Buy a library or find an open source one. It will make your life much easier. Incidentally, this helps with item 1 and 3. When the image is uploaded, open it with the library. If the library complains then you can be pretty sure it's not a real image.
You might check into plupload to see what they are doing: http://www.plupload.com/
You can check out my blog post:
Async-Image upload using JavaScript + ASHX Handler. http://weblogs.asp.net/rternier/archive/2010/08/18/jquery-image-upload-amp-refresh-using-an-ashx-file.aspx
ServerSide code for Image Uploading (ASHX and image manipulation) http://weblogs.asp.net/rternier/archive/2010/09/17/jquery-image-upload-amp-refresh-using-an-ashx-file-part-2.aspx
IT will cover a lot of this, but here you go.
how to check if it's an image: When you are uploading you can check the file extension to see what it is. Once uploaded, you can check the mime type of the file.
I like storing images as binary inside a database. It's a lot easier to manage and I don't need to read/write from the web server hard disk to get the image.
TO do any modifications on the image use System.Drawing.