File upload is one of the most important features in modern PHP websites \u2014 whether it\u2019s profile photos, documents, or PDFs.<\/p>\n\n\n\n
But many beginners upload files without validation<\/strong>, which can cause:<\/p>\n\n\n\n \u274c Security risks In this guide, you\u2019ll learn:<\/p>\n\n\n\n \u2714 How PHP file upload works Let\u2019s start \ud83d\ude80<\/p>\n\n\n\n First create a simple form:<\/p>\n\n\n\n Create \u26a0 This works but is NOT secure.<\/p>\n\n\n\n Let\u2019s make it safe \ud83d\udc47<\/p>\n\n\n\n Allow only images:<\/p>\n\n\n\n Limit to 2MB:<\/p>\n\n\n\n \u2714 Always validate file type Uploading files in PHP is easy \u2014 but uploading them securely<\/strong> is very important.<\/p>\n\n\n\n With proper validation, you can:<\/p>\n\n\n\n \u2705 Prevent hacking Bookmark this tutorial for future use \ud83d\ude0a<\/p>\n\n\n\n <\/p>\n
\u274c Server crashes
\u274c Invalid file formats<\/p>\n\n\n\n
\u2714 How to validate file size and type
\u2714 Secure file upload code<\/p>\n\n\n\n
\n\n\n\n\ud83d\udcc2 Basic HTML File Upload Form<\/h2>\n\n\n\n
<form action=\"upload.php\" method=\"post\" enctype=\"multipart\/form-data\">\n <input type=\"file\" name=\"file\">\n <button type=\"submit\">Upload<\/button>\n<\/form>\n<\/code><\/pre>\n\n\n\n
\n\n\n\n\ud83d\udce5 Simple PHP File Upload Code<\/h2>\n\n\n\n
upload.php<\/code>:<\/p>\n\n\n\n$targetDir = \"uploads\/\";\n$fileName = basename($_FILES[\"file\"][\"name\"]);\n$targetFile = $targetDir . $fileName;\n\nmove_uploaded_file($_FILES[\"file\"][\"tmp_name\"], $targetFile);\n\necho \"File uploaded successfully!\";\n<\/code><\/pre>\n\n\n\n
\n\n\n\n\u2705 Validate File Type<\/h2>\n\n\n\n
$allowedTypes = [\"jpg\", \"jpeg\", \"png\", \"pdf\"];\n$fileType = strtolower(pathinfo($targetFile, PATHINFO_EXTENSION));\n\nif(!in_array($fileType, $allowedTypes)){\n die(\"Only JPG, PNG & PDF files allowed!\");\n}\n<\/code><\/pre>\n\n\n\n
\n\n\n\n\u2705 Validate File Size<\/h2>\n\n\n\n
if($_FILES[\"file\"][\"size\"] > 2000000){\n die(\"File too large! Max 2MB allowed.\");\n}\n<\/code><\/pre>\n\n\n\n
\n\n\n\n\ud83d\udd10 Secure File Upload (Final Code)<\/h2>\n\n\n\n
$targetDir = \"uploads\/\";\n$fileName = time() . \"_\" . basename($_FILES[\"file\"][\"name\"]);\n$targetFile = $targetDir . $fileName;\n\n$allowedTypes = [\"jpg\",\"jpeg\",\"png\",\"pdf\"];\n$fileType = strtolower(pathinfo($targetFile, PATHINFO_EXTENSION));\n\nif(!in_array($fileType, $allowedTypes)){\n die(\"Invalid file type!\");\n}\n\nif($_FILES[\"file\"][\"size\"] > 2000000){\n die(\"File too large!\");\n}\n\nif(move_uploaded_file($_FILES[\"file\"][\"tmp_name\"], $targetFile)){\n echo \"File uploaded successfully!\";\n}else{\n echo \"Upload failed!\";\n}\n<\/code><\/pre>\n\n\n\n
\n\n\n\n\ud83d\udccc Best Practices for PHP File Upload<\/h2>\n\n\n\n
\u2714 Limit file size
\u2714 Rename file to avoid overwrite
\u2714 Store uploads in separate folder<\/p>\n\n\n\n
\n\n\n\n\ud83c\udfaf Final Words<\/h2>\n\n\n\n
\u2705 Avoid server overload
\u2705 Keep users safe<\/p>\n\n\n\n