What are some best practices for implementing a file upload feature in a PHP contact form?

When implementing a file upload feature in a PHP contact form, it is important to ensure that the server can handle file uploads securely and efficiently. Best practices include validating file types and sizes, storing uploaded files in a secure directory outside of the web root, and sanitizing file names to prevent malicious attacks.

&lt;?php
// Check if a file has been uploaded
if(isset($_FILES[&#039;file&#039;]) &amp;&amp; $_FILES[&#039;file&#039;][&#039;error&#039;] === UPLOAD_ERR_OK) {
    $uploadDir = &#039;uploads/&#039;;
    $uploadFile = $uploadDir . basename($_FILES[&#039;file&#039;][&#039;name&#039;]);

    // Validate file type
    $fileType = pathinfo($uploadFile, PATHINFO_EXTENSION);
    if(in_array($fileType, [&#039;jpg&#039;, &#039;jpeg&#039;, &#039;png&#039;, &#039;pdf&#039;])) {
        // Move the uploaded file to a secure directory
        if(move_uploaded_file($_FILES[&#039;file&#039;][&#039;tmp_name&#039;], $uploadFile)) {
            echo &#039;File uploaded successfully.&#039;;
        } else {
            echo &#039;Error uploading file.&#039;;
        }
    } else {
        echo &#039;Invalid file type. Allowed types: jpg, jpeg, png, pdf.&#039;;
    }
}
?&gt;

Keywords

file upload PHP contact form security measures validation error handling

What are some best practices for implementing a file upload feature in a PHP contact form?

Keywords

Related Questions