What are the best practices for handling file uploads in PHP, especially when dealing with multiple file upload forms?
When handling file uploads in PHP, especially with multiple file upload forms, it's important to properly validate and sanitize the uploaded files to prevent security vulnerabilities. Use unique file names to avoid overwriting existing files and store the files in a secure directory outside the web root. Additionally, consider limiting the file types and sizes that can be uploaded to prevent abuse.
// Example PHP code snippet for handling multiple file uploads
// Check if files were uploaded
if(isset($_FILES['files'])){
$errors = [];
$uploaded_files = [];
$upload_dir = 'uploads/';
foreach($_FILES['files']['tmp_name'] as $key => $tmp_name){
$file_name = $_FILES['files']['name'][$key];
$file_size = $_FILES['files']['size'][$key];
$file_tmp = $_FILES['files']['tmp_name'][$key];
$file_type = $_FILES['files']['type'][$key];
// Validate file type and size
// Move uploaded file to secure directory
$new_file_name = uniqid() . '_' . $file_name;
$upload_path = $upload_dir . $new_file_name;
if(move_uploaded_file($file_tmp, $upload_path)){
$uploaded_files[] = $new_file_name;
} else {
$errors[] = "Error uploading $file_name";
}
}
if(!empty($errors)){
foreach($errors as $error){
echo $error . "<br>";
}
}
if(!empty($uploaded_files)){
echo "Files uploaded successfully: " . implode(', ', $uploaded_files);
}
}