In the provided PHP code for file uploads, what best practices should be followed to ensure security and efficiency?

To ensure security and efficiency in file uploads, it is important to validate file types, limit file size, and store files in a secure directory outside the web root. Additionally, consider implementing measures such as renaming files to prevent overwriting and using server-side validation to further enhance security.

// Validate file type
$allowedTypes = [&#039;jpg&#039;, &#039;jpeg&#039;, &#039;png&#039;, &#039;gif&#039;];
$extension = pathinfo($_FILES[&#039;file&#039;][&#039;name&#039;], PATHINFO_EXTENSION);
if (!in_array($extension, $allowedTypes)) {
    die(&#039;Invalid file type.&#039;);
}

// Limit file size
$maxSize = 5 * 1024 * 1024; // 5MB
if ($_FILES[&#039;file&#039;][&#039;size&#039;] &gt; $maxSize) {
    die(&#039;File is too large.&#039;);
}

// Store file in secure directory
$uploadDir = &#039;/var/www/uploads/&#039;;
$uploadFile = $uploadDir . basename($_FILES[&#039;file&#039;][&#039;name&#039;]);
if (move_uploaded_file($_FILES[&#039;file&#039;][&#039;tmp_name&#039;], $uploadFile)) {
    echo &#039;File uploaded successfully.&#039;;
} else {
    echo &#039;Error uploading file.&#039;;
}

Keywords

file uploads PHP code security efficiency best practices

In the provided PHP code for file uploads, what best practices should be followed to ensure security and efficiency?

Keywords

Related Questions