How can one ensure secure image upload in PHP?

To ensure secure image upload in PHP, one should validate the file type, check the file size, and store the uploaded images in a secure directory outside of the web root to prevent direct access.

&lt;?php
// Define allowed file types
$allowed_types = array(&#039;jpg&#039;, &#039;jpeg&#039;, &#039;png&#039;, &#039;gif&#039;);

// Check if the file is an image
if (isset($_FILES[&#039;image&#039;]) &amp;&amp; $_FILES[&#039;image&#039;][&#039;error&#039;] == UPLOAD_ERR_OK) {
    $file_info = pathinfo($_FILES[&#039;image&#039;][&#039;name&#039;]);
    $file_ext = strtolower($file_info[&#039;extension&#039;]);

    if (in_array($file_ext, $allowed_types)) {
        // Check file size
        if ($_FILES[&#039;image&#039;][&#039;size&#039;] &lt;= 5000000) {
            // Move uploaded file to secure directory
            move_uploaded_file($_FILES[&#039;image&#039;][&#039;tmp_name&#039;], &#039;/path/to/secure/directory/&#039; . $_FILES[&#039;image&#039;][&#039;name&#039;]);
            echo &#039;Image uploaded successfully.&#039;;
        } else {
            echo &#039;File size exceeds limit.&#039;;
        }
    } else {
        echo &#039;Invalid file type.&#039;;
    }
} else {
    echo &#039;Error uploading file.&#039;;
}
?&gt;

Keywords

file upload security measures image validation file type checking PHP functions

How can one ensure secure image upload in PHP?

Keywords

Related Questions