
Is it important to validate that an uploaded file is actually an image file?

Updated: 2023-09-15 23:38:10

If you think getimagesize() is a bit too slow (because all uploads are done at super high speed, as we know ;) ) you can try the fileinfo library as well. It inspects at least some bytes within the file. It's pretty fast; I use it every day for hundreds of files in an app that should run speedily, and it does.

However, what you don't verify you don't know. So probably first check the extension, ensure a safe filename and a safe store, and that the files are properly sent out to the client.

Before letting any image library touch it (and this should include those on the computers of your site's users), for security reasons the file should be scanned by a virus scanner. That's much slower compared to getimagesize(); others suggest taking a look into the file for any occurrence of <?php as well, to prevent it being uploaded as a payload. Naturally this includes checking for phar files if inclusion is not prevented via the PHP installation's security settings (e.g. by suhosin).

Next to on-demand virus scanning, stored files should be checked again from time to time because of formerly unknown exploits.

So part of this is always a background job. But even the on-demand real-time checks often do not take that much time, unless your application does uploads all the time. You might want to introduce some upload queue, so the upload is already done but the file becomes available to the uploader after the necessary tasks have been run.
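The checks the answer lists (extension allowlist, fileinfo sniffing, getimagesize(), a scan for <?php, and a generated safe filename) combined into one validator, as an added example that is not code from the answer's author; the function name, the allowlist and the 8192-pixel size limit are assumptions.

```php
<?php
// Added example: conservative validation of an uploaded image before any
// image library or the virus scanner touches it. Assumed allowlist of types.
declare(strict_types=1);

const ALLOWED_TYPES = [
    IMAGETYPE_JPEG => 'image/jpeg',
    IMAGETYPE_PNG  => 'image/png',
    IMAGETYPE_GIF  => 'image/gif',
];

function validateImageUpload(string $tmpPath, string $originalName): array
{
    // 1. Extension allowlist on the client-supplied name (cheap, first line).
    $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        return ['ok' => false, 'reason' => 'extension not allowed'];
    }

    // 2. fileinfo (libmagic): looks at the leading bytes, not the name.
    $finfo   = finfo_open(FILEINFO_MIME_TYPE);
    $sniffed = finfo_file($finfo, $tmpPath);
    finfo_close($finfo);
    if (!in_array($sniffed, ALLOWED_TYPES, true)) {
        return ['ok' => false, 'reason' => 'unexpected MIME type'];
    }

    // 3. getimagesize(): the image header must parse and agree with libmagic.
    $info = @getimagesize($tmpPath);
    if ($info === false || !isset(ALLOWED_TYPES[$info[2]])
        || ALLOWED_TYPES[$info[2]] !== $sniffed) {
        return ['ok' => false, 'reason' => 'image header missing or inconsistent'];
    }
    if ($info[0] > 8192 || $info[1] > 8192) {   // assumed dimension limit
        return ['ok' => false, 'reason' => 'image dimensions too large'];
    }

    // 4. A parseable image can still carry PHP in metadata or trailing bytes.
    $bytes = file_get_contents($tmpPath);
    if ($bytes === false || stripos($bytes, '<?php') !== false
        || stripos($bytes, '<?=') !== false) {
        return ['ok' => false, 'reason' => 'embedded PHP tag'];
    }

    // 5. Never keep the client's name: random name, extension from the
    //    verified type; store outside the web root and serve via a handler.
    $safeName = bin2hex(random_bytes(16)) . image_type_to_extension($info[2], true);
    return ['ok' => true, 'safeName' => $safeName, 'mime' => $sniffed];
}

// Usage: validateImageUpload($_FILES['f']['tmp_name'], $_FILES['f']['name']);
```

The virus scan and the periodic re-check the answer describes are separate jobs that run on the stored file after this function accepts it.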