Home >Database >Mysql Tutorial >How to Securely Restrict File Types in PHP File Uploads?
PHP File Upload: Restricting File Types
When handling file uploads, it's crucial to validate the uploaded file's type and size to ensure security and maintain intended functionality. The provided code aims to do so by checking the file extension, type, and size. However, it has some issues.
Issues with the Original Code:
Solution:
To address these issues, we can utilize the mime types for file validation and separate checks for the size limit.
Updated Code:
<code class="php">function allowed_file() { // Allowed mime types $allowed = array('application/doc', 'application/pdf', 'another/type'); // Validate file type using mime type if (in_array($_FILES['resume']['type'], $allowed) && in_array($_FILES['reference']['type'], $allowed)) { // Validate file size if ($_FILES["resume"]["size"] < 400000 && $_FILES["reference"]["size"] < 400000) { // Files are allowed; proceed with upload process... } } }</code>
Explanation:
The above is the detailed content of How to Securely Restrict File Types in PHP File Uploads?. For more information, please follow other related articles on the PHP Chinese website!