What are some best practices for handling file uploads in PHP to ensure security and proper functionality?

When handling file uploads in PHP, it is important to validate the file type, size, and content to prevent malicious files from being uploaded. Additionally, it is crucial to store uploaded files outside of the web root directory to prevent direct access. To enhance security, consider using unique file names and implementing file upload limits.

// Check if the file has been uploaded
if(isset($_FILES[&#039;file&#039;])){
    $file = $_FILES[&#039;file&#039;];
    
    // Validate file type
    $allowedTypes = [&#039;image/jpeg&#039;, &#039;image/png&#039;];
    if(!in_array($file[&#039;type&#039;], $allowedTypes)){
        die(&#039;Invalid file type&#039;);
    }
    
    // Validate file size
    if($file[&#039;size&#039;] &gt; 5242880){ // 5MB
        die(&#039;File is too large&#039;);
    }
    
    // Move the uploaded file to a secure directory
    $uploadDir = &#039;uploads/&#039;;
    $uploadFile = $uploadDir . basename($file[&#039;name&#039;]);
    if(move_uploaded_file($file[&#039;tmp_name&#039;], $uploadFile)){
        echo &#039;File uploaded successfully&#039;;
    } else {
        echo &#039;Error uploading file&#039;;
    }
}

Keywords

file uploads PHP security functionality best practices

What are some best practices for handling file uploads in PHP to ensure security and proper functionality?

Keywords

Related Questions