Current Location: Home> Latest Articles> Best practices when verifying image files using md5_file()

Best practices when verifying image files using md5_file()

M66 2025-06-02

In PHP, the md5_file() function is a very practical tool for calculating the MD5 hash value of a file. By comparing the hash values ​​of the file, we can effectively detect whether the image file has been tampered with. This article will introduce in detail how to use the md5_file() function to ensure the integrity of image files.

What is md5_file()?

The md5_file() function calculates the MD5 hash value of the specified file and returns a 32-bit hexadecimal string. MD5 is a common hashing algorithm that is often used for file verification. Even if the file only changes slightly, the MD5 value will be significantly different.

Function prototype:

 string md5_file(string $filename, bool $raw_output = false)

  • $filename : The file path to which the hash value needs to be calculated.

  • $raw_output : If true , return the original binary format; default false returns hexadecimal string.

Why use md5_file() to detect image file integrity?

Image files may be maliciously tampered with or accidentally damaged during transmission and storage. By saving the original MD5 value of the image file, we can recalculate and compare it in subsequent use. Once the MD5 value is inconsistent, we can judge that the file has been tampered with or corrupted.

Example: Use md5_file() to check image file integrity

Suppose you have an image image.jpg that saves its MD5 value to the database or text file when uploaded. Then recalculate MD5 every time you use this picture and compare it.

Step 1: Calculate and save the image MD5 value

 <?php
$imagePath = 'uploads/image.jpg';
$md5Hash = md5_file($imagePath);

echo "Image file MD5 The value is:".$md5Hash;

// Usually here will $md5Hash Save to a database or file,Convenient to follow-up verification
?>

Step 2: Compare and detect whether the image has been tampered with

 <?php
$imagePath = 'uploads/image.jpg';

// Read previously saved from a database or fileMD5value
$originalMd5 = 'd41d8cd98f00b204e9800998ecf8427e';  // ExampleMD5value

$currentMd5 = md5_file($imagePath);

if ($currentMd5 === $originalMd5) {
    echo "Image file has not been tampered with。";
} else {
    echo "warn:Image files may have been tampered with!";
}
?>

Verify the remote URL file

Sometimes the image file exists on a remote server, and the file content can be downloaded first and then calculated MD5.

 <?php
$url = 'https://m66.net/path/to/image.jpg';
$tempFile = 'temp_image.jpg';

// Download remote files to local temporary files
file_put_contents($tempFile, file_get_contents($url));

// Calculate the downloaded fileMD5value
$remoteMd5 = md5_file($tempFile);

echo "远程Image file MD5 value:".$remoteMd5;

// Delete temporary files
unlink($tempFile);
?>

summary

  • Use md5_file() to calculate the MD5 hash value of the file, which can facilitate detection of whether the file has been tampered with.

  • Save the MD5 value of the original file and compare it later to ensure the file is complete.

  • It can be applied to local files, or you can download remote files first and then calculate.

  • This method is suitable for detecting that files are modified, but cannot prevent tampering and can only be used as a means of integrity verification.

Related