He is absolutely right, but getimagesize does not check whether the image has extra bytes at the end of the stream; for that reason I prefer imagecreatefromstring. Major concern: in conjunction, later use imagejpeg or imagepng, but not move_uploaded_file. But of course getimagesize relies on the header only and does not load the entire file into memory, so less CPU usage. Regards
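The approach in the comment above, sketched as an added example that is not part of the original comment: decode the upload with GD and write the decoded pixels out with imagepng, rather than copying the original bytes with move_uploaded_file. The function name `reencode_as_png` and the sample bytes are assumptions constructed for illustration; the GD extension is required.

```php
<?php
declare(strict_types=1);

/**
 * Decode untrusted bytes with GD and re-encode the pixels as PNG.
 * Returns the re-encoded PNG bytes, or null if the input is rejected.
 * (Hypothetical helper, not from the original comment.)
 */
function reencode_as_png(string $untrusted): ?string
{
    // Header-only check: cheap, but it inspects nothing past the header.
    $info = @getimagesizefromstring($untrusted);
    if ($info === false
        || !in_array($info[2], [IMAGETYPE_PNG, IMAGETYPE_JPEG], true)) {
        return null;
    }

    // Full decode into memory: more CPU and RAM than the header check.
    $img = @imagecreatefromstring($untrusted);
    if ($img === false) {
        return null;
    }

    // Keep transparency when the source has an alpha channel.
    imagesavealpha($img, true);

    // Only the decoded pixels are written; the original byte stream
    // is never copied to the output.
    ob_start();
    imagepng($img);
    $clean = ob_get_clean();

    return ($clean === false || $clean === '') ? null : $clean;
}

// Constructed sample: a small valid PNG followed by bytes that are not image data.
$src = imagecreatetruecolor(8, 8);
ob_start();
imagepng($src);
$png    = ob_get_clean();
$marker = 'CONSTRUCTED-TRAILING-BYTES';
$upload = $png . $marker;

$headerOk = getimagesizefromstring($upload) !== false;
$clean    = reencode_as_png($upload);

echo 'header check accepts upload: ', var_export($headerOk, true), PHP_EOL;
echo 'marker present in upload:    ', var_export(strpos($upload, $marker) !== false, true), PHP_EOL;
echo 'marker present in output:    ',
    var_export($clean !== null && strpos($clean, $marker) !== false, true), PHP_EOL;
```

In an upload handler the same call sequence would read `$_FILES[...]['tmp_name']` with file_get_contents and pass a destination path as the second argument to imagepng.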
Spamming md5 doesn't give you more security. It actually gives you less security because you're hashing a hash that's always going to be exactly 32 characters and comprised of only numbers and the letters a to f. It's better to just use crypt with a variable salt.