A simple and secure PHP image uploader

v5.0.1 2023-10-14 20:37 UTC

This package is auto-updated.

Last update: 2024-02-14 21:23:56 UTC


Latest Stable Version Total Downloads Scrutinizer Code Quality License

Bulletproof is a single-class PHP library to upload images securely.


Install using git

$ git clone

Install using Composer

$ composer require samayo/bulletproof:5.0.*

Or download it manually in a ZIP format


To quickly upload images, use the following HTML & PHP code:

<form method="POST" enctype="multipart/form-data">
  <input type="hidden" name="MAX_FILE_SIZE" value="1000000"/>
  <input type="file" name="pictures" accept="image/*"/>
  <input type="submit" value="upload"/>
require_once  "path/to/bulletproof.php";

$image = new Bulletproof\Image($_FILES);

  $upload = $image->upload(); 

    echo $upload->getPath(); // uploads/cat.gif
    echo $image->getError(); 

For more options or configurations, check the following examples:


Setting Properties

Methods to set restriction on the image name, size, type, etc.. to upload

// To provide a name for the image. If unused, image name will be auto-generated.

// To set the min/max image size to upload (in bytes)
$image->setSize($min, $max);

// To define a list of allowed image types to upload
$image->setMime(array('jpeg', 'gif'));

// To set the max image height/width to upload (limit in pixels)
$image->setDimension($width, $height);

// To create a folder name to store the uploaded image, with optional chmod permission
$image->setStorage($folderName, $optionalPermission);

Getting Properties

Methods to retrieve image data before/after upload.

// To get the image name

// To get the image size (in bytes)

// To get the image mime (extension)

// To get the image width in pixels

// To get the image height in pixels

// To get image location (folder where images are uploaded)

// To get the full image path. ex 'images/logo.jpg'

// To get the json format value of all the above information

Extended Configuration Usage

How to use the property setters and getters.

$image = new Bulletproof\Image($_FILES);

      ->setStorage(__DIR__ . "/avatars");

    echo $image->getName(); // samayo   
    echo $image->getMime(); // gif
    echo $image->getStorage(); // avatars
    echo $image->getPath(); // avatars/samayo.gif

Image Manipulation

To crop, resize or watermak images, use functions stored in src/utils

Creating custom errors

Use php exceptions to define custom error responses

  try {
    if($image->getMime() !== 'png'){
      throw new \Exception('Only PNG image types are allowed');

    // check size, width, height...

      throw new \Exception($image->getError());
    } else {
      echo $image->getPath();
  } catch (\Exception $e){
    echo "Error " . $e->getMessage();

What makes this secure?

  • Uses exif_imagetype() to get the true image mime (.extension)
  • Uses getimagesize() to check if image has a valid height / width in pixels.
  • Sanitized images names, strict folder permissions and more...

License: MIT