What potential issue arises when using the $_FILES array in PHP for file uploads?

When using the $_FILES array in PHP for file uploads, one potential issue is that the uploaded file may not be secure. To solve this issue, it is important to validate the file before moving it to a permanent location on the server. This can be done by checking the file type, size, and ensuring that the file does not already exist in the upload directory.

// Example of validating and moving an uploaded file
if ($_FILES['file']['error'] === UPLOAD_ERR_OK) {
    $file_name = $_FILES['file']['name'];
    $file_tmp = $_FILES['file']['tmp_name'];
    
    // Validate file type
    $file_ext = pathinfo($file_name, PATHINFO_EXTENSION);
    $allowed_extensions = array('jpg', 'jpeg', 'png', 'gif');
    
    if (!in_array($file_ext, $allowed_extensions)) {
        echo "Invalid file type.";
    } else {
        // Move the file to a permanent location
        $upload_dir = 'uploads/';
        $new_file_path = $upload_dir . $file_name;
        
        if (move_uploaded_file($file_tmp, $new_file_path)) {
            echo "File uploaded successfully.";
        } else {
            echo "Error uploading file.";
        }
    }
} else {
    echo "Error uploading file.";
}