What are best practices for validating and sanitizing user-uploaded files in a PHP application?

Validating and sanitizing user-uploaded files in a PHP application is crucial to prevent security vulnerabilities such as file injection attacks. To validate user-uploaded files, you should check the file type, size, and content to ensure they meet your application's requirements. Sanitizing involves removing any potentially harmful content from the file before storing it on the server.

// Validate and sanitize user-uploaded file
if(isset($_FILES[&#039;file&#039;])){
    $file = $_FILES[&#039;file&#039;];

    // Validate file type
    $allowedTypes = [&#039;image/jpeg&#039;, &#039;image/png&#039;, &#039;image/gif&#039;];
    if(!in_array($file[&#039;type&#039;], $allowedTypes)){
        die(&#039;Invalid file type. Only JPEG, PNG, and GIF files are allowed.&#039;);
    }

    // Validate file size
    $maxFileSize = 1048576; // 1MB
    if($file[&#039;size&#039;] &gt; $maxFileSize){
        die(&#039;File is too large. Maximum file size allowed is 1MB.&#039;);
    }

    // Sanitize file content
    $sanitizedContent = file_get_contents($file[&#039;tmp_name&#039;]);

    // Save sanitized file to the server
    $destination = &#039;uploads/&#039; . $file[&#039;name&#039;];
    move_uploaded_file($file[&#039;tmp_name&#039;], $destination);

    echo &#039;File uploaded successfully.&#039;;
}

Keywords

file upload validation sanitization security PHP functions

What are best practices for validating and sanitizing user-uploaded files in a PHP application?

Keywords

Related Questions