What are the best practices for handling file uploads in PHP to prevent possible security vulnerabilities, such as file upload attacks?

File upload attacks are a common security vulnerability in PHP applications. To prevent such attacks, it is important to validate and sanitize the file uploads before storing them on the server. This can be done by checking the file type, limiting the file size, and storing the files in a secure directory outside of the web root.

&lt;?php

// Check if a file was uploaded
if(isset($_FILES[&#039;file&#039;])) {
    $file = $_FILES[&#039;file&#039;];

    // Check file type
    $allowedTypes = [&#039;image/jpeg&#039;, &#039;image/png&#039;];
    if(!in_array($file[&#039;type&#039;], $allowedTypes)) {
        die(&#039;Invalid file type.&#039;);
    }

    // Limit file size
    if($file[&#039;size&#039;] &gt; 1000000) {
        die(&#039;File is too large.&#039;);
    }

    // Store file in a secure directory
    $uploadDir = &#039;uploads/&#039;;
    $uploadFile = $uploadDir . basename($file[&#039;name&#039;]);
    if(move_uploaded_file($file[&#039;tmp_name&#039;], $uploadFile)) {
        echo &#039;File uploaded successfully.&#039;;
    } else {
        echo &#039;Error uploading file.&#039;;
    }
}

?&gt;

Keywords

file uploads security vulnerabilities PHP validation file upload attacks

What are the best practices for handling file uploads in PHP to prevent possible security vulnerabilities, such as file upload attacks?

Keywords

Related Questions