What security measures should be taken when allowing file uploads on a PHP server?

When allowing file uploads on a PHP server, it is important to implement security measures to prevent malicious files from being uploaded. One common approach is to restrict the file types that can be uploaded, validate file size, and store the uploaded files outside of the web root directory to prevent direct access.

// Set allowed file types
$allowed_types = array(&#039;jpg&#039;, &#039;jpeg&#039;, &#039;png&#039;, &#039;gif&#039;);

// Set maximum file size
$max_size = 2 * 1024 * 1024; // 2MB

// Set upload directory outside of web root
$upload_dir = &#039;/var/www/uploads/&#039;;

// Check if file type is allowed
$ext = pathinfo($_FILES[&#039;file&#039;][&#039;name&#039;], PATHINFO_EXTENSION);
if (!in_array($ext, $allowed_types)) {
    die(&#039;Invalid file type.&#039;);
}

// Check file size
if ($_FILES[&#039;file&#039;][&#039;size&#039;] &gt; $max_size) {
    die(&#039;File is too large.&#039;);
}

// Move uploaded file to upload directory
if (move_uploaded_file($_FILES[&#039;file&#039;][&#039;tmp_name&#039;], $upload_dir . $_FILES[&#039;file&#039;][&#039;name&#039;])) {
    echo &#039;File uploaded successfully.&#039;;
} else {
    echo &#039;Error uploading file.&#039;;
}

Keywords

file uploads PHP server security measures validation file type restrictions

What security measures should be taken when allowing file uploads on a PHP server?

Keywords

Related Questions