What are the best practices for handling file extensions and file sizes in PHP file uploads?

When handling file uploads in PHP, it is important to validate file extensions to prevent malicious files from being uploaded. Additionally, it is recommended to limit the file size to prevent large files from overwhelming the server. One way to achieve this is by using the '$_FILES' superglobal array to access information about the uploaded file, including the file extension and size.

// Validate file extension
$allowedExtensions = array(&#039;jpg&#039;, &#039;jpeg&#039;, &#039;png&#039;, &#039;gif&#039;);
$uploadedFileExtension = pathinfo($_FILES[&#039;file&#039;][&#039;name&#039;], PATHINFO_EXTENSION);

if (!in_array($uploadedFileExtension, $allowedExtensions)) {
    echo &quot;Invalid file extension. Please upload a JPG, JPEG, PNG, or GIF file.&quot;;
    exit;
}

// Limit file size
$maxFileSize = 5 * 1024 * 1024; // 5MB
if ($_FILES[&#039;file&#039;][&#039;size&#039;] &gt; $maxFileSize) {
    echo &quot;File size exceeds the limit of 5MB. Please upload a smaller file.&quot;;
    exit;
}

// Process file upload
// Your code to move the uploaded file to the desired location

Keywords

file extensions file sizes PHP file uploads validation error handling

What are the best practices for handling file extensions and file sizes in PHP file uploads?

Keywords

Related Questions