What are the best practices for handling file uploads in PHP, including directory creation and file moving?

When handling file uploads in PHP, it is important to ensure proper security measures are in place to prevent malicious uploads. This includes validating file types, setting file size limits, and sanitizing file names. Additionally, creating a unique directory for each upload and moving the files to that directory can help organize and secure the uploaded files.

&lt;?php
// Validate file type
$allowed_types = array(&#039;image/jpeg&#039;, &#039;image/png&#039;, &#039;image/gif&#039;);
if (!in_array($_FILES[&#039;file&#039;][&#039;type&#039;], $allowed_types)) {
    die(&#039;Invalid file type.&#039;);
}

// Set file size limit
$max_size = 5 * 1024 * 1024; // 5MB
if ($_FILES[&#039;file&#039;][&#039;size&#039;] &gt; $max_size) {
    die(&#039;File size exceeds limit.&#039;);
}

// Sanitize file name
$filename = preg_replace(&quot;/[^A-Za-z0-9.]/&quot;, &#039;&#039;, $_FILES[&#039;file&#039;][&#039;name&#039;]);

// Create unique directory
$upload_dir = &#039;uploads/&#039; . uniqid() . &#039;/&#039;;
if (!file_exists($upload_dir)) {
    mkdir($upload_dir, 0777, true);
}

// Move file to directory
if (move_uploaded_file($_FILES[&#039;file&#039;][&#039;tmp_name&#039;], $upload_dir . $filename)) {
    echo &#039;File uploaded successfully.&#039;;
} else {
    echo &#039;Failed to upload file.&#039;;
}
?&gt;

Keywords

file uploads directory creation file moving PHP functions error handling

What are the best practices for handling file uploads in PHP, including directory creation and file moving?

Keywords

Related Questions