What security measures should be implemented in PHP image upload scripts to prevent malicious abuse?

To prevent malicious abuse in PHP image upload scripts, it is essential to implement security measures such as file type checking, file size limitation, and renaming uploaded files to prevent overwriting existing files or executing malicious scripts.

// Check if the uploaded file is an image
$allowed_types = array('image/jpeg', 'image/png', 'image/gif');
if (!in_array($_FILES['file']['type'], $allowed_types)) {
    die('Invalid file type. Only JPEG, PNG, and GIF files are allowed.');
}

// Limit the file size to prevent large uploads
$max_size = 5 * 1024 * 1024; // 5MB
if ($_FILES['file']['size'] > $max_size) {
    die('File size exceeds the limit of 5MB.');
}

// Rename the uploaded file to prevent overwriting existing files
$extension = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);
$new_filename = uniqid() . '.' . $extension;
move_uploaded_file($_FILES['file']['tmp_name'], 'uploads/' . $new_filename);