What are some common mistakes to avoid when working with file uploads and displaying images in PHP?
One common mistake when working with file uploads in PHP is not validating the file type before accepting the upload. A related and more subtle mistake is validating it against the wrong thing: the MIME type in $_FILES['file']['type'] is copied from the client's request and can be set to anything, so it proves nothing. Check the file's actual content instead (for example with the fileinfo extension or getimagesize()) and only allow a short list of specific types. Another common mistake is saving the file under the name the client supplied. Stripping characters to block directory traversal is not enough on its own, because a name like shell.php survives that filter and, if the uploads directory is under the web root with PHP enabled, the uploaded file will be executed rather than displayed. Generate the stored name yourself, take the extension from the type you detected, and preferably keep uploads outside the web root and serve them through a script that sets the Content-Type explicitly.
// Check the upload succeeded before touching the temporary file
if ($_FILES['file']['error'] !== UPLOAD_ERR_OK) {
    die('Upload failed');
}
// Validate file type from the file's content, not from $_FILES['file']['type'],
// which is supplied by the client and can be forged
$allowedTypes = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mime = $finfo->file($_FILES['file']['tmp_name']);
if (!isset($allowedTypes[$mime])) {
    die('Invalid file type. Allowed types: jpeg, png, gif');
}
// Do not reuse the client-supplied name: generate one, and take the extension
// from the detected type so a name like shell.php can never reach uploads/
$fileName = bin2hex(random_bytes(16)) . '.' . $allowedTypes[$mime];
move_uploaded_file($_FILES['file']['tmp_name'], 'uploads/' . $fileName);
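As an added example (not code from the original page), here is a complete upload-and-serve handler that applies both points above in one place: content-based type detection, a server-generated file name, storage outside the web root, and a serving function that sets the Content-Type itself. It assumes a form field named file, a query parameter named img, and a private_uploads directory one level above the script; all three are assumptions for the example.

```php
<?php
declare(strict_types=1);

// Assumed storage directory outside the web root (assumption for this example).
const UPLOAD_DIR = __DIR__ . '/../private_uploads';
const MAX_BYTES  = 2 * 1024 * 1024;

// Detected MIME type => extension the file is stored under.
const ALLOWED = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate an uploaded image and move it into UPLOAD_DIR.
 * Returns the generated file name, or throws on any failure.
 */
function storeUploadedImage(array $file): string
{
    if (!isset($file['error']) || is_array($file['error'])) {
        throw new RuntimeException('Malformed upload');
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with error code ' . $file['error']);
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Only accept files that PHP itself received through an HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    // Type check 1: libmagic sniffing of the content; $file['type'] is ignored.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']) ?: '';
    if (!array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('Disallowed type: ' . $mime);
    }
    // Type check 2: the image header must parse and agree with the sniffed type.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('File is not a valid ' . $mime . ' image');
    }
    // Never reuse the client's name; the extension comes from the detected type.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0644); // readable, never executable
    return $name;
}

/**
 * Serve a stored image by name. The name must match the exact pattern that
 * storeUploadedImage() produces, so "../" or any other path can never get in.
 */
function serveStoredImage(string $name): void
{
    if (!preg_match('/\A[0-9a-f]{32}\.(jpg|png|gif)\z/', $name)) {
        http_response_code(404);
        return;
    }
    $path = UPLOAD_DIR . '/' . $name;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    // Re-detect on the way out so the browser is told the real type.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($path) ?: '';
    if (!array_key_exists($mime, ALLOWED)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: ' . $mime);
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: inline; filename="' . $name . '"');
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);
}

// Wiring for the assumed field name "file" and query parameter "img".
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['file'])) {
    try {
        echo 'Stored as ' . htmlspecialchars(storeUploadedImage($_FILES['file']));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage());
    }
} elseif (isset($_GET['img'])) {
    serveStoredImage((string) $_GET['img']);
}
```

Two caveats worth keeping in mind. Neither fileinfo nor getimagesize() proves a file is harmless: a valid JPEG with PHP code appended passes both checks, which is exactly why the stored extension is chosen by the server and the directory is outside the web root, so the bytes are only ever read back and sent with an image Content-Type. And X-Content-Type-Options: nosniff matters on the serving side because browsers will otherwise guess a type from the content, which can turn a crafted "image" into an HTML or script response in the victim's origin.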