What are the recommended best practices for handling file uploads in PHP?

When handling file uploads in PHP, it is important to validate the file type and size to prevent security vulnerabilities such as file injection attacks. It is also recommended to store uploaded files outside of the web root directory to prevent direct access from the public. Additionally, consider renaming the file to prevent overwriting existing files with the same name.

&lt;?php
// Check if file was uploaded without errors
if(isset($_FILES[&#039;file&#039;]) &amp;&amp; $_FILES[&#039;file&#039;][&#039;error&#039;] == 0){
    $file = $_FILES[&#039;file&#039;];
    
    // Validate file type
    $allowed_types = [&#039;image/jpeg&#039;, &#039;image/png&#039;, &#039;image/gif&#039;];
    if(!in_array($file[&#039;type&#039;], $allowed_types)){
        die(&#039;Invalid file type. Allowed types: jpeg, png, gif&#039;);
    }
    
    // Validate file size (max 5MB)
    if($file[&#039;size&#039;] &gt; 5 * 1024 * 1024){
        die(&#039;File size exceeds limit of 5MB&#039;);
    }
    
    // Store file outside of web root directory
    $upload_dir = &#039;uploads/&#039;;
    $file_path = $upload_dir . basename($file[&#039;name&#039;]);
    
    if(move_uploaded_file($file[&#039;tmp_name&#039;], $file_path)){
        echo &#039;File uploaded successfully!&#039;;
    } else {
        echo &#039;Error uploading file&#039;;
    }
} else {
    echo &#039;Error uploading file&#039;;
}
?&gt;

Keywords

file uploads PHP security validation error handling

What are the recommended best practices for handling file uploads in PHP?

Keywords

Related Questions