What potential pitfalls should be considered when coding an image upload form in PHP?

One potential pitfall to consider when coding an image upload form in PHP is the risk of allowing users to upload malicious files disguised as images. To mitigate this risk, you can validate the file type and size before allowing the upload to proceed. Additionally, you should store the uploaded images in a secure directory outside of the web root to prevent direct access.

// Validate file type and size before allowing upload
$allowedTypes = ['image/jpeg', 'image/png', 'image/gif'];
$maxSize = 5 * 1024 * 1024; // 5MB

if (in_array($_FILES['image']['type'], $allowedTypes) && $_FILES['image']['size'] <= $maxSize) {
    // Move uploaded file to secure directory
    $uploadPath = 'uploads/' . basename($_FILES['image']['name']);
    move_uploaded_file($_FILES['image']['tmp_name'], $uploadPath);
    echo 'Image uploaded successfully!';
} else {
    echo 'Invalid file type or size. Please upload a JPEG, PNG, or GIF file under 5MB.';
}