How can one validate file uploads in PHP to ensure security?

File uploads in PHP can pose security risks if not properly validated. To ensure security, one should check the file type, size, and content to prevent malicious files from being uploaded. Additionally, it is important to store uploaded files in a secure directory outside of the web root to prevent direct access.

&lt;?php
$uploadDir = &#039;uploads/&#039;;
$allowedTypes = [&#039;image/jpeg&#039;, &#039;image/png&#039;];
$maxFileSize = 1048576; // 1MB

if ($_FILES[&#039;file&#039;][&#039;error&#039;] === UPLOAD_ERR_OK) {
    $fileType = $_FILES[&#039;file&#039;][&#039;type&#039;];
    $fileSize = $_FILES[&#039;file&#039;][&#039;size&#039;];

    if (in_array($fileType, $allowedTypes) &amp;&amp; $fileSize &lt;= $maxFileSize) {
        $uploadPath = $uploadDir . basename($_FILES[&#039;file&#039;][&#039;name&#039;]);
        move_uploaded_file($_FILES[&#039;file&#039;][&#039;tmp_name&#039;], $uploadPath);
        echo &#039;File uploaded successfully.&#039;;
    } else {
        echo &#039;Invalid file type or size.&#039;;
    }
} else {
    echo &#039;Error uploading file.&#039;;
}
?&gt;

Keywords

File uploads PHP security validation functions

How can one validate file uploads in PHP to ensure security?

Keywords

Related Questions