What are some best practices for handling file uploads and permissions in PHP?

When handling file uploads in PHP, it is important to validate and sanitize user input to prevent security vulnerabilities such as file injection attacks. Additionally, setting appropriate file permissions on uploaded files can help protect sensitive data and prevent unauthorized access.

// Validate and sanitize file upload
if(isset($_FILES[&#039;file&#039;])) {
    $file_name = $_FILES[&#039;file&#039;][&#039;name&#039;];
    $file_tmp = $_FILES[&#039;file&#039;][&#039;tmp_name&#039;];
    $file_size = $_FILES[&#039;file&#039;][&#039;size&#039;];
    $file_type = $_FILES[&#039;file&#039;][&#039;type&#039;];

    // Validate file type
    $allowed_extensions = array(&#039;jpg&#039;, &#039;jpeg&#039;, &#039;png&#039;, &#039;gif&#039;);
    $file_extension = pathinfo($file_name, PATHINFO_EXTENSION);
    if(!in_array($file_extension, $allowed_extensions)) {
        die(&#039;Invalid file type.&#039;);
    }

    // Sanitize file name
    $sanitized_file_name = filter_var($file_name, FILTER_SANITIZE_STRING);

    // Move uploaded file to desired directory
    move_uploaded_file($file_tmp, &#039;uploads/&#039; . $sanitized_file_name);
}

// Set appropriate file permissions
$file_path = &#039;uploads/&#039; . $sanitized_file_name;
chmod($file_path, 0644);

Keywords

file uploads permissions PHP security error handling

What are some best practices for handling file uploads and permissions in PHP?

Keywords

Related Questions