What security measures should be implemented when handling file uploads in PHP?

When handling file uploads in PHP, it is important to implement security measures to prevent malicious files from being uploaded to your server. One way to do this is by checking the file type and size before allowing the upload to proceed. Additionally, you can rename the file to a random string to prevent any potential security risks associated with using the original file name.

// Check file type and size
$allowedTypes = [&#039;image/jpeg&#039;, &#039;image/png&#039;];
$maxSize = 5242880; // 5MB

if (!in_array($_FILES[&#039;file&#039;][&#039;type&#039;], $allowedTypes) || $_FILES[&#039;file&#039;][&#039;size&#039;] &gt; $maxSize) {
    die(&#039;Invalid file type or size.&#039;);
}

// Rename file to a random string
$fileName = uniqid() . &#039;_&#039; . $_FILES[&#039;file&#039;][&#039;name&#039;];
$uploadPath = &#039;/path/to/uploads/&#039; . $fileName;

if (move_uploaded_file($_FILES[&#039;file&#039;][&#039;tmp_name&#039;], $uploadPath)) {
    echo &#039;File uploaded successfully.&#039;;
} else {
    echo &#039;Error uploading file.&#039;;
}

Keywords

file uploads security measures PHP validation file handling

What security measures should be implemented when handling file uploads in PHP?

Keywords

Related Questions