What are best practices for validating file types and sizes in PHP file uploads?

When allowing file uploads in PHP, it is important to validate the file types and sizes to prevent malicious files from being uploaded to the server. To validate file types, you can check the MIME type of the uploaded file using the `$_FILES['file']['type']` variable. To validate file sizes, you can check the `$_FILES['file']['size']` variable against a maximum allowed size.

// Validate file type
$allowedTypes = [&#039;image/jpeg&#039;, &#039;image/png&#039;, &#039;image/gif&#039;];
if (!in_array($_FILES[&#039;file&#039;][&#039;type&#039;], $allowedTypes)) {
    die(&#039;Invalid file type. Allowed types: jpeg, png, gif&#039;);
}

// Validate file size
$maxSize = 1048576; // 1MB
if ($_FILES[&#039;file&#039;][&#039;size&#039;] &gt; $maxSize) {
    die(&#039;File size exceeds the limit of 1MB&#039;);
}

Keywords

file uploads PHP validation file types file sizes

What are best practices for validating file types and sizes in PHP file uploads?

Keywords

Related Questions