I'm wondering if the imagecreatefromjpeg function is safe. I'm downloading image from the url to the server and saving it with extension 'jpg', then i'm resizing and modifing it and saving to next '.jpg' file and deleting the old one(the user don't know the name of first file, it's random). Can someone inject a "bad" code to the file and make server run it?
imagecreatefromjpeg function seems to be safe for me if you check first that it only has to process image data. Look there, you have to check this exif_imagetype firsst.
The function itself should work properly; It is one of the standard functions of PHP and is working for more than ten years now - at the manual you can even find eleven year old comments ;)
Imagecreatefromjpeg/png function is safe to use. As it is just process the image data only. It will always return the image resource.
Check the details here http://php.net/manual/en/function.imagecreatefromjpeg.php