What are the best practices for handling file uploads and checking file extensions in PHP?
When handling file uploads in PHP, it is important to validate file extensions to prevent malicious files from being uploaded to the server. One way to do this is to check the extension of the client-supplied file name against a list of allowed extensions. This helps restrict uploads to the file types you expect.
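// Define an array of allowed file extensions (lowercase)
$allowedExtensions = array('jpg', 'jpeg', 'png', 'gif');
// Make sure a file was actually uploaded without errors
if (!isset($_FILES['file']) || $_FILES['file']['error'] !== UPLOAD_ERR_OK) {
    echo 'No file was uploaded or the upload failed.';
    exit;
}
// Get the file extension of the uploaded file, lowercased so "JPG" matches "jpg"
$uploadedFileExtension = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));
// Check if the file extension is in the list of allowed extensions
if (!in_array($uploadedFileExtension, $allowedExtensions, true)) {
    // Invalid file extension, handle the error accordingly
    echo 'Invalid file extension. Only JPG, JPEG, PNG, and GIF files are allowed.';
} else {
    // File extension is valid; basename() keeps any path component out of the destination
    $destination = 'uploads/' . basename($_FILES['file']['name']);
    if (move_uploaded_file($_FILES['file']['tmp_name'], $destination)) {
        echo 'File uploaded successfully.';
    } else {
        echo 'Failed to save the uploaded file.';
    }
}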
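
The extension check above trusts the name the client sent. The following added example (not part of the original page) goes further: it determines the type from the file contents and stores the file under a server-generated name. The 2 MiB limit, the storage path and the function name storeUploadedImage are assumptions, and it requires PHP 7+ with the fileinfo extension.

```php
<?php
// Assumptions: form field "file", 2 MiB limit, storage directory outside the web root.
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024;       // assumed size limit
const UPLOAD_DIR = '/var/www/storage/uploads';  // assumed path, not under the document root
// Detected MIME type => extension assigned by the server
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Validate one $_FILES entry and store it; returns the stored name or throws.
function storeUploadedImage(array $file): string
{
    // Reject multi-file arrays and any upload error reported by PHP
    if (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no file was sent.');
    }
    // Measure the temporary file itself rather than trusting the client-reported size
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('File is empty or too large.');
    }
    // Determine the type from the file contents, not from the name or $_FILES['type']
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('Only JPG, JPEG, PNG, and GIF files are allowed.');
    }
    // Never reuse the client's file name: generate one and append our own extension
    $storedName = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $storedName)) {
        throw new RuntimeException('Could not store the uploaded file.');
    }
    return $storedName;
}

try {
    $name = storeUploadedImage($_FILES['file'] ?? []);
    echo 'File uploaded successfully as ' . htmlspecialchars($name) . '.';
} catch (RuntimeException $e) {
    http_response_code(400);
    echo htmlspecialchars($e->getMessage());
}
```

Because the stored name and extension are chosen by the server and the directory is outside the document root, the web server never interprets an uploaded file as a script.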