What are some best practices for handling file uploads in PHP forms with enctype=multipart/form-data?

When handling file uploads in PHP forms with enctype="multipart/form-data", it is important to ensure that the file upload process is secure and error-free. Some best practices include validating the file type and size, moving the uploaded file to a secure directory on the server, and generating a unique filename to prevent overwriting existing files.

<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['file'])) {
    $file = $_FILES['file'];

    // Validate file type
    $allowed_types = ['image/jpeg', 'image/png', 'image/gif'];
    if (!in_array($file['type'], $allowed_types)) {
        die("Invalid file type. Only JPG, PNG, and GIF files are allowed.");
    }

    // Validate file size
    if ($file['size'] > 5242880) { // 5MB
        die("File is too large. Maximum file size is 5MB.");
    }

    // Move uploaded file to secure directory
    $upload_dir = 'uploads/';
    $filename = uniqid() . '_' . $file['name'];
    if (move_uploaded_file($file['tmp_name'], $upload_dir . $filename)) {
        echo "File uploaded successfully.";
    } else {
        die("Error uploading file.");
    }
}
?>