How can the move_uploaded_file function in PHP be used to securely store uploaded files on the server?

When using the move_uploaded_file function in PHP to store uploaded files on the server, it is important to validate and sanitize the file name before moving it to the desired directory. This helps prevent security vulnerabilities such as directory traversal attacks. Additionally, setting the correct file permissions on the target directory can also enhance security.

// Validate and sanitize the file name
$target_dir = &quot;uploads/&quot;;
$target_file = $target_dir . basename($_FILES[&quot;fileToUpload&quot;][&quot;name&quot;]);
$uploadOk = 1;

// Check if file already exists
if (file_exists($target_file)) {
    echo &quot;Sorry, file already exists.&quot;;
    $uploadOk = 0;
}

// Check file size
if ($_FILES[&quot;fileToUpload&quot;][&quot;size&quot;] &gt; 500000) {
    echo &quot;Sorry, your file is too large.&quot;;
    $uploadOk = 0;
}

// Move the uploaded file to the target directory
if ($uploadOk == 1) {
    if (move_uploaded_file($_FILES[&quot;fileToUpload&quot;][&quot;tmp_name&quot;], $target_file)) {
        echo &quot;The file &quot;. basename( $_FILES[&quot;fileToUpload&quot;][&quot;name&quot;]). &quot; has been uploaded.&quot;;
    } else {
        echo &quot;Sorry, there was an error uploading your file.&quot;;
    }
}

Keywords

move_uploaded_file PHP securely store uploaded files server

How can the move_uploaded_file function in PHP be used to securely store uploaded files on the server?

Keywords

Related Questions