How can PHP be used to validate file types server-side before allowing the upload to proceed?

When allowing file uploads on a website, it is important to validate the file type server-side to prevent malicious files from being uploaded. PHP can be used to check the file type before allowing the upload to proceed. This can be done by checking the MIME type of the file using the `$_FILES` superglobal array.

// Check if the file type is allowed
$allowedTypes = [&#039;image/jpeg&#039;, &#039;image/png&#039;, &#039;image/gif&#039;];
if (!in_array($_FILES[&#039;file&#039;][&#039;type&#039;], $allowedTypes)) {
    echo &#039;Invalid file type. Only JPEG, PNG, and GIF files are allowed.&#039;;
    exit;
}

// If the file type is allowed, proceed with the upload
move_uploaded_file($_FILES[&#039;file&#039;][&#039;tmp_name&#039;], &#039;uploads/&#039; . $_FILES[&#039;file&#039;][&#039;name&#039;]);
echo &#039;File uploaded successfully.&#039;;

Keywords

PHP file validation server-side file upload MIME type

How can PHP be used to validate file types server-side before allowing the upload to proceed?

Keywords

Related Questions