What are some potential pitfalls to be aware of when using <input type="file"> in PHP for file uploads?

One potential pitfall when using <input type="file"> for file uploads in PHP is not properly validating the file type and size before processing the upload. This can lead to security vulnerabilities such as allowing malicious files to be uploaded to the server. To mitigate this risk, always validate the file type and size on the server side before moving the file to its final destination.

&lt;?php
// Check if file is uploaded
if(isset($_FILES[&#039;file&#039;])){
    $file = $_FILES[&#039;file&#039;];
    
    // Validate file type
    $allowedTypes = [&#039;image/jpeg&#039;, &#039;image/png&#039;, &#039;image/gif&#039;];
    if(!in_array($file[&#039;type&#039;], $allowedTypes)){
        die(&#039;Invalid file type. Only JPG, PNG, and GIF files are allowed.&#039;);
    }
    
    // Validate file size
    $maxFileSize = 2 * 1024 * 1024; // 2MB
    if($file[&#039;size&#039;] &gt; $maxFileSize){
        die(&#039;File size exceeds the limit of 2MB.&#039;);
    }
    
    // Move uploaded file to destination folder
    move_uploaded_file($file[&#039;tmp_name&#039;], &#039;uploads/&#039; . $file[&#039;name&#039;]);
    echo &#039;File uploaded successfully.&#039;;
}
?&gt;

Keywords

file uploads input type file PHP security validation

What are some potential pitfalls to be aware of when using <input type="file"> in PHP for file uploads?

Keywords

Related Questions