What are some best practices for handling file uploads in PHP functions?

When handling file uploads in PHP functions, it is important to validate the file type, size, and ensure secure file storage to prevent security risks such as file injection attacks. One best practice is to use PHP's built-in functions like `move_uploaded_file()` to move the uploaded file to a secure location on the server. Additionally, sanitizing file names and using unique file names can help prevent conflicts and maintain organization.

&lt;?php
// Check if file was uploaded without errors
if(isset($_FILES[&#039;file&#039;]) &amp;&amp; $_FILES[&#039;file&#039;][&#039;error&#039;] == 0){
    $file_name = $_FILES[&#039;file&#039;][&#039;name&#039;];
    $file_size = $_FILES[&#039;file&#039;][&#039;size&#039;];
    $file_tmp = $_FILES[&#039;file&#039;][&#039;tmp_name&#039;];
    
    // Validate file type
    $file_type = pathinfo($file_name, PATHINFO_EXTENSION);
    if($file_type != &#039;jpg&#039; &amp;&amp; $file_type != &#039;png&#039; &amp;&amp; $file_type != &#039;jpeg&#039;){
        echo &quot;Only JPG, JPEG, PNG files are allowed.&quot;;
        exit;
    }

    // Validate file size (max 5MB)
    if($file_size &gt; 5*1024*1024){
        echo &quot;File size must be less than 5MB.&quot;;
        exit;
    }

    // Move uploaded file to desired directory
    $upload_path = &#039;uploads/&#039;;
    $new_file_name = uniqid().&#039;.&#039;.$file_type;
    if(move_uploaded_file($file_tmp, $upload_path.$new_file_name)){
        echo &quot;File uploaded successfully.&quot;;
    } else {
        echo &quot;Error uploading file.&quot;;
    }
} else {
    echo &quot;Error uploading file.&quot;;
}
?&gt;

Keywords

file uploads PHP functions error handling security measures data validation

What are some best practices for handling file uploads in PHP functions?

Keywords

Related Questions