What are some best practices for securely handling file uploads in PHP scripts?

When handling file uploads in PHP scripts, it is crucial to validate and sanitize the file before saving it to the server. This includes checking the file type, size, and ensuring it does not contain any malicious code. Additionally, it is recommended to store uploaded files outside the web root directory to prevent direct access.

// Validate file type
$allowedTypes = [&#039;jpg&#039;, &#039;jpeg&#039;, &#039;png&#039;, &#039;gif&#039;];
$extension = pathinfo($_FILES[&#039;file&#039;][&#039;name&#039;], PATHINFO_EXTENSION);
if (!in_array($extension, $allowedTypes)) {
    die(&#039;Invalid file type. Allowed types: jpg, jpeg, png, gif&#039;);
}

// Validate file size
$maxSize = 5 * 1024 * 1024; // 5MB
if ($_FILES[&#039;file&#039;][&#039;size&#039;] &gt; $maxSize) {
    die(&#039;File size exceeds the limit of 5MB&#039;);
}

// Sanitize file name
$fileName = preg_replace(&quot;/[^A-Za-z0-9.]/&quot;, &#039;&#039;, $_FILES[&#039;file&#039;][&#039;name&#039;]);

// Move file to secure directory
$uploadDir = &#039;/path/to/secure/directory/&#039;;
if (!move_uploaded_file($_FILES[&#039;file&#039;][&#039;tmp_name&#039;], $uploadDir . $fileName)) {
    die(&#039;Failed to upload file&#039;);
}

Keywords

file uploads PHP scripts security validation file handling

What are some best practices for securely handling file uploads in PHP scripts?

Keywords

Related Questions